Multiple vulnerabilities in Intel PROSet/Wireless WiFi and Killer WiFi
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2022-27635 CVE-2022-40964 CVE-2022-46329 CVE-2022-36351 CVE-2022-38076 |
| CWE-ID | CWE-284 CWE-693 CWE-20 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Wi-Fi 6 AX2011 Hardware solutions / Drivers Wi-Fi 6E AX4111 Hardware solutions / Drivers Wi-Fi 6E AX2111 Hardware solutions / Drivers Wi-Fi 6E AX2102 Hardware solutions / Drivers Wireless-AC 95601 Hardware solutions / Drivers Wireless-AC 94621 Hardware solutions / Drivers Wireless-AC 9461 Hardware solutions / Drivers Killer Wireless-AC 1550i/s1 Hardware solutions / Firmware Killer Wi-Fi 6E AX1690i/s1 Hardware solutions / Firmware Killer Wi-Fi 6E AX1675x/w2 Hardware solutions / Firmware Killer Wi-Fi 6E AX1675i/s1 Hardware solutions / Firmware Killer Wi-Fi 6 AX1650i/s Hardware solutions / Firmware Intel Wi-Fi 6 AX201 Hardware solutions / Firmware Intel Wi-Fi 6 AX101 Hardware solutions / Firmware Intel Wi-Fi 6 AX200 Hardware solutions / Firmware Intel Wi-Fi 6 AX203 Hardware solutions / Firmware Intel Wi-Fi 6E AX411 Hardware solutions / Firmware Intel Wi-Fi 6E AX211 Hardware solutions / Firmware Intel Wi-Fi 6E AX210 Hardware solutions / Firmware Killer Wi-Fi 6 AX1650 Hardware solutions / Firmware Killer Wi-Fi 6E AX1690 Hardware solutions / Firmware Killer Wi-Fi 6E AX1675 Hardware solutions / Firmware Intel Wireless-AC 9560 Hardware solutions / Firmware Intel Wireless-AC 9462 Hardware solutions / Firmware Intel Wireless-AC 9461 Hardware solutions / Firmware Intel Wireless-AC 9260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 3168 Hardware solutions / Firmware Intel Wireless 7265 (Rev D) Family Hardware solutions / Firmware Intel Dual Band Wireless-AC 3165 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8265 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8260 Hardware solutions / Firmware Killer Wireless-AC 1550 Hardware solutions / Firmware |
| Vendor |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU79501
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27635
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsWi-Fi 6 AX2011: before 22.200
Wi-Fi 6E AX4111: before 22.200
Wi-Fi 6E AX2111: before 22.200
Wi-Fi 6E AX2102: before 22.200
Wireless-AC 95601: before 22.200
Wireless-AC 94621: before 22.200
Wireless-AC 9461: before 22.200
Killer Wireless-AC 1550i/s1: before 3.2.20.23023
Killer Wi-Fi 6E AX1690i/s1: before 3.2.20.23023
Killer Wi-Fi 6E AX1675x/w2: before 3.2.20.23023
Killer Wi-Fi 6E AX1675i/s1: before 3.2.20.23023
Killer Wi-Fi 6 AX1650i/s: before 3.2.20.23023
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU79502
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-40964
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsWi-Fi 6 AX2011: before 22.200
Wi-Fi 6E AX4111: before 22.200
Wi-Fi 6E AX2111: before 22.200
Wi-Fi 6E AX2102: before 22.200
Wireless-AC 95601: before 22.200
Wireless-AC 94621: before 22.200
Wireless-AC 9461: before 22.200
Killer Wireless-AC 1550i/s1: before 3.2.20.23023
Killer Wi-Fi 6E AX1690i/s1: before 3.2.20.23023
Killer Wi-Fi 6E AX1675x/w2: before 3.2.20.23023
Killer Wi-Fi 6E AX1675i/s1: before 3.2.20.23023
Killer Wi-Fi 6 AX1650i/s: before 3.2.20.23023
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Protection Mechanism Failure
EUVDB-ID: #VU79525
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-46329
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. A local user can bypass implemented security restrictions and elevate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX201: before 22.200
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU79526
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36351
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can send specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX101: before 22.200
Intel Wi-Fi 6 AX201: before 22.200
Intel Wi-Fi 6 AX200: before 22.200
Intel Wi-Fi 6 AX203: before 22.200
Intel Wi-Fi 6E AX411: before 22.200
Intel Wi-Fi 6E AX211: before 22.200
Intel Wi-Fi 6E AX210: before 22.200
Killer Wi-Fi 6 AX1650: before 3.2.20.23023
Killer Wi-Fi 6E AX1690: before 3.2.20.23023
Killer Wi-Fi 6E AX1675: before 3.2.20.23023
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU79527
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38076
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wireless-AC 9560: before 22.200
Intel Wireless-AC 9462: before 22.200
Intel Wireless-AC 9461: before 22.200
Intel Wireless-AC 9260: before 22.200
Intel Dual Band Wireless-AC 3168: before 22.200
Intel Wireless 7265 (Rev D) Family: before 22.200
Intel Dual Band Wireless-AC 3165: before 22.200
Intel Dual Band Wireless-AC 8265: before 22.200
Intel Dual Band Wireless-AC 8260: before 22.200
Killer Wireless-AC 1550: before 3.2.20.23023
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
