Intel Security Center: INTEL-SA-00521
Jun 08, 2021 - 12:00 a.m.

Intel® Security Library Advisory

2021-06-08 00:00:00
Intel Security Center
www.intel.com

EPSS: 0.001 (Percentile: 35.6%)

Summary:

Potential security vulnerabilities in the Intel® Security Library may allow escalation of privilege, denial of service or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2021-0133

Description: Key exchange without entity authentication in the Intel® Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 7.7 High

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

CVEID: CVE-2021-0132

Description: Missing release of resource after effective lifetime in an API for the Intel® Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access.

CVSS Base Score: 5.4 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H

CVEID: CVE-2021-0131

Description: Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel® Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 4.6 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CVEID: CVE-2021-0134

Description: Improper input validation in an API for the Intel® Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access.

CVSS Base Score: 4.2 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected Products:

3rd Generation Intel® Xeon® Scalable Processor

2nd Gen Intel® Xeon® Scalable processor

1st Gen Intel® Xeon® Scalable processor

Intel® Xeon® W processor 3200 series

Intel® Xeon® W processor 3100 series

Recommendations:

Intel recommends that users of Intel® Security Library update to 3.3 or later.

Updates are available for download at this location: Intel GitHub

Acknowledgements:

The following issues were found internally by Intel employees. Intel would like to thank Ryan Hall and Brent Holtsclaw of the DCG Red Team.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
