Multiple vulnerabilities in Intel PROSet/Wireless WiFi Software



Published: 2020-04-17
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-0557
CVE-2020-0558
CWE-ID CWE-119
Exploitation vector Local network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe 		Intel PROSet/Wireless WiFi Software
Hardware solutions / Drivers

Vendor Intel

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Insecure Inherited Permissions

EUVDB-ID: #VU27011

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-0557

CWE-ID: N/A

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insecure inherited permissions. A local user can gain elevated privileges on the target system.

This vulnerability affects Intel PROSet/Wireless WiFi software for the following products:

  • Intel Wi-Fi 6 AX201 Intel® Wi-Fi 6 AX200
  • Intel Wireless-AC 9560
  • Intel Wireless-AC 9462
  • Intel Wireless-AC 9461
  • Intel Wireless-AC 9260
  • Intel Dual Band Wireless-AC 8265
  • Intel Dual Band Wireless-AC 8260
  • Intel Dual Band Wireless-AC 3168
  • Intel Wireless 7265 (Rev D) Family
  • Intel Dual Band Wireless-AC 3165

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel PROSet/Wireless WiFi Software: before 21.70

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Buffer overflow

EUVDB-ID: #VU27012

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-0558

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in kernel mode driver. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system.

This vulnerability affects Intel PROSet/Wireless WiFi software for the following products:

  • Intel Wi-Fi 6 AX201 Intel® Wi-Fi 6 AX200
  • Intel Wireless-AC 9560
  • Intel Wireless-AC 9462
  • Intel Wireless-AC 9461
  • Intel Wireless-AC 9260
  • Intel Dual Band Wireless-AC 8265
  • Intel Dual Band Wireless-AC 8260
  • Intel Dual Band Wireless-AC 3168
  • Intel Wireless 7265 (Rev D) Family
  • Intel Dual Band Wireless-AC 3165

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel PROSet/Wireless WiFi Software: before 21.70

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###