Multiple vulnerabilities in Intel® Wireless Bluetooth® devices
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2020-0554 CVE-2020-0555 CVE-2020-0553 CVE-2019-14620 |
| CWE-ID | CWE-362 CWE-20 CWE-125 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel Wi-Fi 6 AX201 Hardware solutions / Firmware Intel Wi-Fi 6 AX200 Hardware solutions / Firmware Intel Wireless-AC 9560 Hardware solutions / Firmware Intel Wireless-AC 9462 Hardware solutions / Firmware Intel Wireless-AC 9461 Hardware solutions / Firmware Intel Wireless-AC 9260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8265 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 3168 Hardware solutions / Firmware Intel Wireless 7265 (Rev D) Family Hardware solutions / Firmware Intel Dual Band Wireless-AC 3165 Hardware solutions / Firmware |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Race condition
EUVDB-ID: #VU45652
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0554
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in software installer for Windows systems. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Windows* OS:
Windows 10 - update to version 21.70 or later, available for download at this location:
Windows* 7 & 8.1 - update to version 21.40 Hot Fix or later, available for download at this location:
Vulnerable software versions
Intel Wi-Fi 6 AX201: All versions
Intel Wi-Fi 6 AX200: All versions
Intel Wireless-AC 9560: All versions
Intel Wireless-AC 9462: All versions
Intel Wireless-AC 9461: All versions
Intel Wireless-AC 9260: All versions
Intel Dual Band Wireless-AC 8265: All versions
Intel Dual Band Wireless-AC 8260: 20.50.1.1 - 21.20.0
Intel Dual Band Wireless-AC 3168: All versions
Intel Wireless 7265 (Rev D) Family: All versions
Intel Dual Band Wireless-AC 3165: All versions
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00337.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU45653
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0555
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a improper input validation. A local user can run a specially crafted application to escalate privileges on the system.
MitigationInstall updates from vendor's website.
Windows* OS:
Windows 10 - update to version 21.70 or later, available for download at this location:
Windows* 7 & 8.1 - update to version 21.40 Hot Fix or later, available for download at this location:
Vulnerable software versions
Intel Wi-Fi 6 AX201: All versions
Intel Wi-Fi 6 AX200: All versions
Intel Wireless-AC 9560: All versions
Intel Wireless-AC 9462: All versions
Intel Wireless-AC 9461: All versions
Intel Wireless-AC 9260: All versions
Intel Dual Band Wireless-AC 8265: All versions
Intel Dual Band Wireless-AC 8260: 20.50.1.1 - 21.20.0
Intel Dual Band Wireless-AC 3168: All versions
Intel Wireless 7265 (Rev D) Family: All versions
Intel Dual Band Wireless-AC 3165: All versions
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00337.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU45654
Risk: Low
CVSSv3.1: 2.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0553
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Windows* OS:
Windows 10 - update to version 21.70 or later, available for download at this location:
Windows* 7 & 8.1 - update to version 21.40 Hot Fix or later, available for download at this location:
Vulnerable software versions
Intel Wi-Fi 6 AX201: All versions
Intel Wi-Fi 6 AX200: All versions
Intel Wireless-AC 9560: All versions
Intel Wireless-AC 9462: All versions
Intel Wireless-AC 9461: All versions
Intel Wireless-AC 9260: All versions
Intel Dual Band Wireless-AC 8265: All versions
Intel Dual Band Wireless-AC 8260: 20.50.1.1 - 21.20.0
Intel Dual Band Wireless-AC 3168: All versions
Intel Wireless 7265 (Rev D) Family: All versions
Intel Dual Band Wireless-AC 3165: All versions
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00337.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU45655
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14620
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a improper input validation. A remote attacker with physical proximity to the system can send specially crafted Bluetooth packets and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Windows* OS:
Windows 10 - update to version 21.70 or later, available for download at this location:
Windows* 7 & 8.1 - update to version 21.40 Hot Fix or later, available for download at this location:
Chrome OS:Intel® Wireless Bluetooth® drivers resolving these vulnerabilities were up streamed to Chromium on April 14th, 2020.
For any Google Chrome OS solution and schedule, please contact Google directly.
Linux OS:
Intel® Wireless Bluetooth® drivers resolving these vulnerabilities were up streamed on April 14th, 2020.
Consult the regular Open Source channels to obtain this update.
Vulnerable software versionsIntel Wi-Fi 6 AX201: All versions
Intel Wi-Fi 6 AX200: All versions
Intel Wireless-AC 9560: All versions
Intel Wireless-AC 9462: All versions
Intel Wireless-AC 9461: All versions
Intel Wireless-AC 9260: All versions
Intel Dual Band Wireless-AC 8265: All versions
Intel Dual Band Wireless-AC 8260: 20.50.1.1 - 21.20.0
Intel Dual Band Wireless-AC 3168: All versions
Intel Wireless 7265 (Rev D) Family: All versions
Intel Dual Band Wireless-AC 3165: All versions
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00337.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
