Multiple vulnerabilities in Intel PROSet/Wireless WiFi products

1) Resource management error

EUVDB-ID: #VU48354

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12313

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper management of internal resources in some Intel(R) PROSet/Wireless WiFi products before version 21.110. A remote attacker on the local network can send specially crafted traffic to the system and execute arbitrary code.

The vulnerability affects firmware on the following operating systems:

• Windows 10
• Linux OS
• Chrome OS
  

Mitigation

Install update from vendor's  website.

Vulnerable software versions

Intel Dual Band Wireless-AC 3165: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 3168: All versions

Intel Dual Band Wireless-AC 8265: All versions

Intel Wireless-AC 9260: All versions

Intel Wireless-AC 9461: All versions

Intel Wireless-AC 9462: All versions

Intel Wireless-AC 9560: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Wi-Fi 6 AX201: All versions

Intel Dual Band Wireless-AC 8260: 20.50.1.1 - 21.20.0

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU48355

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12314

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110. A remote attacker on the local network can send  specially crafted traffic to the system and perform a denial of service (DoS) attack.

The vulnerability affects firmware on the following operating systems:

• Windows 10

Mitigation

Install update from vendor's  website.

Vulnerable software versions

Intel Dual Band Wireless-AC 3165: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 3168: All versions

Intel Dual Band Wireless-AC 8265: All versions

Intel Wireless-AC 9260: All versions

Intel Wireless-AC 9461: All versions

Intel Wireless-AC 9462: All versions

Intel Wireless-AC 9560: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Wi-Fi 6 AX201: All versions

Intel Dual Band Wireless-AC 8260: 20.50.1.1 - 21.20.0

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU48356

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12318

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

The vulnerability affects firmware on the following operating systems:

• Windows 10

Mitigation

Install update from vendor's  website.

Vulnerable software versions

Intel Dual Band Wireless-AC 3165: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 3168: All versions

Intel Dual Band Wireless-AC 8265: All versions

Intel Wireless-AC 9260: All versions

Intel Wireless-AC 9461: All versions

Intel Wireless-AC 9462: All versions

Intel Wireless-AC 9560: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Wi-Fi 6 AX201: All versions

Intel Dual Band Wireless-AC 8260: 20.50.1.1 - 21.20.0

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

EUVDB-ID: #VU48357

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12317

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in some Intel(R) PROSet/Wireless WiFi products before version 21.110. A remote attacker on the local network can send specially crafted traffic, trigger memory corruption to the system and execute arbitrary code.

The vulnerability affects firmware on the following operating systems:

• Windows 10
• Linux OS
• Chrome OS
  

Mitigation

Vulnerable software versions

Intel Dual Band Wireless-AC 3165: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 3168: All versions

Intel Dual Band Wireless-AC 8265: All versions

Intel Wireless-AC 9260: All versions

Intel Wireless-AC 9461: All versions

Intel Wireless-AC 9462: All versions

Intel Wireless-AC 9560: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Wi-Fi 6 AX201: All versions

Intel Dual Band Wireless-AC 8260: 20.50.1.1 - 21.20.0

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU48358

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12319

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in some Intel(R) PROSet/Wireless WiFi products before version 21.110. A remote attacker on the local network can send specially crafted traffic to the system and perform a denial of service (DoS) attack.

The vulnerability affects firmware on the following operating systems:

• Windows 10
• Linux OS
• Chrome OS
  

Mitigation

Install update from vendor's  website.

Vulnerable software versions

Intel Dual Band Wireless-AC 3165: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 3168: All versions

Intel Dual Band Wireless-AC 8265: All versions

Intel Wireless-AC 9260: All versions

Intel Wireless-AC 9461: All versions

Intel Wireless-AC 9462: All versions

Intel Wireless-AC 9560: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Wi-Fi 6 AX201: All versions

Intel Dual Band Wireless-AC 8260: 20.50.1.1 - 21.20.0

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Key management errors

EUVDB-ID: #VU8840

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13080

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

The vulnerability is dubbed "KRACK" attack.

Mitigation

Install update from vendor's  website.

Vulnerable software versions

Intel Dual Band Wireless-AC 3165: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 3168: All versions

Intel Dual Band Wireless-AC 8265: All versions

Intel Wireless-AC 9260: All versions

Intel Wireless-AC 9461: All versions

Intel Wireless-AC 9462: All versions

Intel Wireless-AC 9560: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Wi-Fi 6 AX201: All versions

Intel Dual Band Wireless-AC 8260: 20.50.1.1 - 21.20.0

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.