Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2020-26555, CVE-2020-26558 |
CWE-ID | CWE-284, CWE-254 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software (all Hardware solutions / Firmware) | Killer Wireless-AC 1550, Killer Wi-Fi 6 AX1650, Killer Wi-Fi 6E AX1675, Intel Dual Band Wireless-AC 3165, Intel Wireless 7265 (Rev D) Family, Intel Dual Band Wireless-AC 3168, Intel Dual Band Wireless-AC 8260, Intel Dual Band Wireless-AC 8265, Intel Wireless-AC 9260, Intel Wireless-AC 9461, Intel Wireless-AC 9462, Intel Wireless-AC 9560, Intel Wi-Fi 6 AX200, Intel Wi-Fi 6 AX201, Intel Wi-Fi 6 AX210 |
Vendor | Intel |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU53578
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26555
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the Bluetooth legacy BR/EDR PIN code pairing. An attacker with physical access can spoof the BD_ADDR of the peer device and complete pairing without knowledge of the PIN.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Killer Wireless-AC 1550: before 22.50
Killer Wi-Fi 6 AX1650: before 22.50
Killer Wi-Fi 6E AX1675: before 22.50
Intel Dual Band Wireless-AC 3165: before 22.50
Intel Wireless 7265 (Rev D) Family: before 22.50
Intel Dual Band Wireless-AC 3168: before 22.50
Intel Dual Band Wireless-AC 8260: before 22.50
Intel Dual Band Wireless-AC 8265: before 22.50
Intel Wireless-AC 9260: before 22.50
Intel Wireless-AC 9461: before 22.50
Intel Wireless-AC 9462: before 22.50
Intel Wireless-AC 9560: before 22.50
Intel Wi-Fi 6 AX200: before 22.50
Intel Wi-Fi 6 AX201: before 22.50
Intel Wi-Fi 6 AX210: before 22.50
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53579
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26558
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an impersonation flaw in the Passkey Entry protocol. A remote attacker on the local network can perform a man-in-the-middle (MITM) attack and impersonate the initiating device without any previous knowledge.
Note: This vulnerability affects the following specifications:
Mitigation
Install update from vendor's website.
Vulnerable software versions
Killer Wireless-AC 1550: before 22.50
Killer Wi-Fi 6 AX1650: before 22.50
Killer Wi-Fi 6E AX1675: before 22.50
Intel Dual Band Wireless-AC 3165: before 22.50
Intel Wireless 7265 (Rev D) Family: before 22.50
Intel Dual Band Wireless-AC 3168: before 22.50
Intel Dual Band Wireless-AC 8260: before 22.50
Intel Dual Band Wireless-AC 8265: before 22.50
Intel Wireless-AC 9260: before 22.50
Intel Wireless-AC 9461: before 22.50
Intel Wireless-AC 9462: before 22.50
Intel Wireless-AC 9560: before 22.50
Intel Wi-Fi 6 AX200: before 22.50
Intel Wi-Fi 6 AX201: before 22.50
Intel Wi-Fi 6 AX210: before 22.50
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.