Multiple vulnerabilities in Intel PROSet/Wireless WiFi and Killer WiFi



Published: 2022-08-12
Risk Medium
Patch available YES
Number of vulnerabilities 14
CVE-ID CVE-2022-21240
CVE-2022-21140
CVE-2022-21212
CVE-2021-23188
CVE-2022-21160
CVE-2022-21197
CVE-2022-21139
CVE-2022-21172
CVE-2021-26254
CVE-2021-44545
CVE-2021-23168
CVE-2021-23223
CVE-2021-37409
CVE-2022-21181
CWE-ID CWE-125
CWE-284
CWE-20
CWE-119
CWE-326
CWE-787
CWE-665
CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Intel Wi-Fi 6E AX411
Hardware solutions / Firmware

Intel Wi-Fi 6E AX211
Hardware solutions / Firmware

Intel Wi-Fi 6E AX210
Hardware solutions / Firmware

Intel Wi-Fi 6 AX201
Hardware solutions / Firmware

Intel Wi-Fi 6 AX200
Hardware solutions / Firmware

Intel Wireless-AC 9560
Hardware solutions / Firmware

Intel Wireless-AC 9462
Hardware solutions / Firmware

Intel Wireless-AC 9461
Hardware solutions / Firmware

Intel Wireless-AC 9260
Hardware solutions / Firmware

Intel Dual Band Wireless-AC 3168
Hardware solutions / Firmware

Intel Wireless 7265 (Rev D) Family
Hardware solutions / Firmware

Intel Dual Band Wireless-AC 3165
Hardware solutions / Firmware

Intel Dual Band Wireless-AC 8265
Hardware solutions / Firmware

Intel Dual Band Wireless-AC 8260
Hardware solutions / Firmware

Killer Wi-Fi 6E AX1690
Hardware solutions / Firmware

Killer Wi-Fi 6E AX1675
Hardware solutions / Firmware

Killer Wi-Fi 6 AX1650
Hardware solutions / Firmware

Killer Wireless-AC 1550
Hardware solutions / Firmware

Vendor

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU66438

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21240

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A local administrator trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper access control

EUVDB-ID: #VU66446

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21140

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local administrator can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120

Intel Wi-Fi 6 AX201: before 22.120

Intel Wi-Fi 6 AX200: before 22.120

Intel Wireless-AC 9560: before 22.120

Intel Wireless-AC 9462: before 22.120

Intel Wireless-AC 9461: before 22.120

Intel Wireless-AC 9260: before 22.120

Intel Dual Band Wireless-AC 3168: before 22.120

Intel Wireless 7265 (Rev D) Family: before 22.120

Intel Dual Band Wireless-AC 3165: before 22.120

Intel Dual Band Wireless-AC 8265: before 22.120

Intel Dual Band Wireless-AC 8260: before 22.120

Killer Wi-Fi 6E AX1690: before 3.1122.1105

Killer Wi-Fi 6E AX1675: before 3.1122.1105

Killer Wi-Fi 6 AX1650: before 3.1122.1105

Killer Wireless-AC 1550: before 3.1122.1105


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Input validation error

EUVDB-ID: #VU66445

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21212

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120

Intel Wi-Fi 6 AX201: before 22.120

Intel Wi-Fi 6 AX200: before 22.120

Intel Wireless-AC 9560: before 22.120

Intel Wireless-AC 9462: before 22.120

Intel Wireless-AC 9461: before 22.120

Intel Wireless-AC 9260: before 22.120


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Improper access control

EUVDB-ID: #VU66444

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-23188

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120

Intel Wi-Fi 6 AX201: before 22.120

Intel Wi-Fi 6 AX200: before 22.120

Intel Wireless-AC 9560: before 22.120

Intel Wireless-AC 9462: before 22.120

Intel Wireless-AC 9461: before 22.120

Intel Wireless-AC 9260: before 22.120

Intel Dual Band Wireless-AC 3168: before 22.120

Intel Wireless 7265 (Rev D) Family: before 22.120

Intel Dual Band Wireless-AC 3165: before 22.120

Intel Dual Band Wireless-AC 8265: before 22.120

Intel Dual Band Wireless-AC 8260: before 22.120

Killer Wi-Fi 6E AX1690: before 3.1122.1105

Killer Wi-Fi 6E AX1675: before 3.1122.1105

Killer Wi-Fi 6 AX1650: before 3.1122.1105

Killer Wireless-AC 1550: before 3.1122.1105


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Buffer overflow

EUVDB-ID: #VU66443

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21160

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120

Intel Wi-Fi 6 AX201: before 22.120

Intel Wi-Fi 6 AX200: before 22.120

Intel Wireless-AC 9560: before 22.120

Intel Wireless-AC 9462: before 22.120

Intel Wireless-AC 9461: before 22.120

Intel Wireless-AC 9260: before 22.120


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Input validation error

EUVDB-ID: #VU66442

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21197

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120

Intel Wi-Fi 6 AX201: before 22.120

Intel Wi-Fi 6 AX200: before 22.120

Intel Wireless-AC 9560: before 22.120

Intel Wireless-AC 9462: before 22.120

Intel Wireless-AC 9461: before 22.120

Intel Wireless-AC 9260: before 22.120


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Inadequate Encryption Strength

EUVDB-ID: #VU66441

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21139

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to inadequate encryption strength. A remote attacker on the local network can gain elevated privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120

Intel Wi-Fi 6 AX201: before 22.120

Intel Wi-Fi 6 AX200: before 22.120

Intel Wireless-AC 9560: before 22.120

Intel Wireless-AC 9462: before 22.120

Intel Wireless-AC 9461: before 22.120

Intel Wireless-AC 9260: before 22.120


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Out-of-bounds write

EUVDB-ID: #VU66437

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21172

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A local administrator trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Out-of-bounds read

EUVDB-ID: #VU66432

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-26254

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition. A local administrator can trigger out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120

Intel Wi-Fi 6 AX201: before 22.120

Intel Wi-Fi 6 AX200: before 22.120

Killer Wi-Fi 6E AX1690: before 3.1122.1105

Killer Wi-Fi 6E AX1675: before 3.1122.1105

Killer Wi-Fi 6 AX1650: before 3.1122.1105


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Input validation error

EUVDB-ID: #VU66431

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-44545

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120

Intel Wi-Fi 6 AX201: before 22.120

Intel Wi-Fi 6 AX200: before 22.120

Killer Wi-Fi 6E AX1690: before 3.1122.1105

Killer Wi-Fi 6E AX1675: before 3.1122.1105

Killer Wi-Fi 6 AX1650: before 3.1122.1105


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Out-of-bounds read

EUVDB-ID: #VU66430

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-23168

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition. A remote attacker on the local network can trigger out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120

Intel Wi-Fi 6 AX201: before 22.120

Intel Wi-Fi 6 AX200: before 22.120

Intel Wireless-AC 9560: before 22.120

Intel Wireless-AC 9462: before 22.120

Intel Wireless-AC 9461: before 22.120

Intel Wireless-AC 9260: before 22.120

Intel Dual Band Wireless-AC 3168: before 22.120

Intel Wireless 7265 (Rev D) Family: before 22.120

Intel Dual Band Wireless-AC 3165: before 22.120

Intel Dual Band Wireless-AC 8265: before 22.120

Intel Dual Band Wireless-AC 8260: before 22.120

Killer Wi-Fi 6E AX1690: before 3.1122.1105

Killer Wi-Fi 6E AX1675: before 3.1122.1105

Killer Wi-Fi 6 AX1650: before 3.1122.1105

Killer Wireless-AC 1550: before 3.1122.1105


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Improper Initialization

EUVDB-ID: #VU66428

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-23223

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization. A local administrator can run a specially crafted application to execute arbitrary code with escalated privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120

Killer Wi-Fi 6E AX1690: before 3.1122.1105

Killer Wi-Fi 6E AX1675: before 3.1122.1105


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Improper access control

EUVDB-ID: #VU66427

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-37409

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local administrator can bypass implemented security restrictions and gain elevated privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Wi-Fi 6E AX411: before 22.120

Intel Wi-Fi 6E AX211: before 22.120

Intel Wi-Fi 6E AX210: before 22.120

Intel Wi-Fi 6 AX201: before 22.120

Intel Wi-Fi 6 AX200: before 22.120

Intel Wireless-AC 9560: before 22.120

Intel Wireless-AC 9462: before 22.120

Intel Wireless-AC 9461: before 22.120

Intel Wireless-AC 9260: before 22.120

Killer Wi-Fi 6E AX1690: before 3.1122.1105

Killer Wi-Fi 6E AX1675: before 3.1122.1105

Killer Wi-Fi 6 AX1650: before 3.1122.1105

Killer Wireless-AC 1550: before 3.1122.1105


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU66426

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21181

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local administrator to escalate privileges on the system.

The vulnerability exists due to improper input validation, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Dual Band Wireless-AC 8265: before 22.120

Intel Dual Band Wireless-AC 8260: before 22.120

Intel Wireless-AC 9560: before 22.120

Intel Wireless-AC 9462: before 22.120

Intel Wireless-AC 9461: before 22.120

Intel Wireless-AC 9260: before 22.120

Killer Wireless-AC 1550: before 3.1122.1105


CPE2.3
External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###