Vulnerability identifier: #VU48422
Vulnerability risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Intel Wireless Bluetooth
Client/Desktop applications /
Other client software
Intel Wi-Fi 6 AX201
Hardware solutions /
Firmware
Intel Wi-Fi 6 AX200
Hardware solutions /
Firmware
Intel Wireless-AC 9560
Hardware solutions /
Firmware
Intel Wireless-AC 9462
Hardware solutions /
Firmware
Intel Wireless-AC 9461
Hardware solutions /
Firmware
Intel Wireless-AC 9260
Hardware solutions /
Firmware
Intel Dual Band Wireless-AC 8265
Hardware solutions /
Firmware
Intel Dual Band Wireless-AC 8260
Hardware solutions /
Firmware
Intel Dual Band Wireless-AC 3168
Hardware solutions /
Firmware
Intel Wireless 7265 (Rev D) Family
Hardware solutions /
Firmware
Intel Dual Band Wireless-AC 3165
Hardware solutions /
Firmware
Vendor: Intel
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a boundary error. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Intel Wireless Bluetooth: All versions
Intel Wi-Fi 6 AX201: All versions
Intel Wi-Fi 6 AX200: All versions
Intel Wireless-AC 9560: All versions
Intel Wireless-AC 9462: All versions
Intel Wireless-AC 9461: All versions
Intel Wireless-AC 9260: All versions
Intel Dual Band Wireless-AC 8265: All versions
Intel Dual Band Wireless-AC 8260: All versions
Intel Dual Band Wireless-AC 3168: All versions
Intel Wireless 7265 (Rev D) Family: All versions
Intel Dual Band Wireless-AC 3165: All versions
External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.