PT-2022-3027 · Intel · Intel In-Band Manageability

Published

2022-05-10

Updated

2022-05-19

CVE-2021-0193

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Intel(R) In-Band Manageability software versions prior to 2.13.0

Description The issue is related to improper authentication in the Intel(R) In-Band Manageability software, which may allow a privileged user to potentially enable escalation of privilege via network access. This could be exploited by a remote attacker to bypass authentication and elevate their privileges.

Recommendations For versions prior to 2.13.0, update to version 2.13.0 or later to resolve the issue. As a temporary workaround, consider restricting network access to the Intel(R) In-Band Manageability software until a patch is applied.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2022-03693

CVE-2021-0193

Affected Products

Intel In-Band Manageability

PT-2022-3027 · Intel · Intel In-Band Manageability

CVE-2021-0193

Weakness Enumeration

Related Identifiers

Affected Products

References · 6