Multipel vulnerabilities in Intel Wireless Bluetooth products



Published: 2020-11-16
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-12321
CVE-2020-12322
CWE-ID CWE-119
CWE-20
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe
Intel Wireless Bluetooth
Client/Desktop applications / Other client software

Intel Wi-Fi 6 AX201
Hardware solutions / Firmware

Intel Wi-Fi 6 AX200
Hardware solutions / Firmware

Intel Wireless-AC 9560
Hardware solutions / Firmware

Intel Wireless-AC 9462
Hardware solutions / Firmware

Intel Wireless-AC 9461
Hardware solutions / Firmware

Intel Wireless-AC 9260
Hardware solutions / Firmware

Intel Dual Band Wireless-AC 8265
Hardware solutions / Firmware

Intel Dual Band Wireless-AC 8260
Hardware solutions / Firmware

Intel Dual Band Wireless-AC 3168
Hardware solutions / Firmware

Intel Wireless 7265 (Rev D) Family
Hardware solutions / Firmware

Intel Dual Band Wireless-AC 3165
Hardware solutions / Firmware

Vendor Intel

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU48422

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-12321

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a boundary error. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wireless Bluetooth: before 21.110

Intel Wi-Fi 6 AX201: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Wireless-AC 9560: All versions

Intel Wireless-AC 9462: All versions

Intel Wireless-AC 9461: All versions

Intel Wireless-AC 9260: All versions

Intel Dual Band Wireless-AC 8265: All versions

Intel Dual Band Wireless-AC 8260: All versions

Intel Dual Band Wireless-AC 3168: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 3165: All versions

before 21.110
CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper Input Validation

EUVDB-ID: #VU48423

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-12322

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wireless Bluetooth: before 21.110

Intel Wi-Fi 6 AX201: All versions

Intel Wi-Fi 6 AX200: All versions

Intel Wireless-AC 9560: All versions

Intel Wireless-AC 9462: All versions

Intel Wireless-AC 9461: All versions

Intel Wireless-AC 9260: All versions

Intel Dual Band Wireless-AC 8265: All versions

Intel Dual Band Wireless-AC 8260: All versions

Intel Dual Band Wireless-AC 3168: All versions

Intel Wireless 7265 (Rev D) Family: All versions

Intel Dual Band Wireless-AC 3165: All versions

before 21.110
CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###