Multiple vulnerabilities in Intel WIFI Drivers
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-11151 CVE-2019-11152 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Intel Wi-Fi 6 AX201 Hardware solutions / Firmware Intel Wi-Fi 6 AX200 Hardware solutions / Firmware Intel Wireless-AC 9560 Hardware solutions / Firmware Intel Wireless-AC 9462 Hardware solutions / Firmware Intel Wireless-AC 9461 Hardware solutions / Firmware Intel Wireless-AC 9260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8265 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 3168 Hardware solutions / Firmware Intel Wireless 7265 (Rev D) Family Hardware solutions / Firmware Intel Dual Band Wireless-AC 3165 Hardware solutions / Firmware Intel WIFI Drivers Hardware solutions / Drivers |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU22980
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-11151
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error. A local user can trigger memory corruption and enable escalation of privilege, denial of service and information disclosure.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX201: All versions
Intel Wi-Fi 6 AX200: All versions
Intel Wireless-AC 9560: All versions
Intel Wireless-AC 9462: All versions
Intel Wireless-AC 9461: All versions
Intel Wireless-AC 9260: All versions
Intel Dual Band Wireless-AC 8265: All versions
Intel Dual Band Wireless-AC 8260: All versions
Intel Dual Band Wireless-AC 3168: All versions
Intel Wireless 7265 (Rev D) Family: All versions
Intel Dual Band Wireless-AC 3165: All versions
Intel WIFI Drivers: before 21.40
CPE2.3- cpe:2.3:h:intel:intel_wi-fi_6_ax201:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wi-fi_6_ax200:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wireless-ac_9560:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wireless-ac_9462:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wireless-ac_9461:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wireless-ac_9260:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_8265:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:dual_band_wireless-ac_8260:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3168:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wireless_7265_rev_d_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3165:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wifi_drivers:*:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K89105210?utm_source=f5support&utm_medium=RSS
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00287.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU22981
Risk: Low
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-11152
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to a boundary error. An attacker on adjacent network can trigger memory corruption and enable escalation of privilege, denial of service and information disclosure.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX201: All versions
Intel Wi-Fi 6 AX200: All versions
Intel Wireless-AC 9560: All versions
Intel Wireless-AC 9462: All versions
Intel Wireless-AC 9461: All versions
Intel Wireless-AC 9260: All versions
Intel Dual Band Wireless-AC 8265: All versions
Intel Dual Band Wireless-AC 8260: All versions
Intel Dual Band Wireless-AC 3168: All versions
Intel Wireless 7265 (Rev D) Family: All versions
Intel Dual Band Wireless-AC 3165: All versions
Intel WIFI Drivers: before 21.40
CPE2.3- cpe:2.3:h:intel:intel_wi-fi_6_ax201:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wi-fi_6_ax200:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wireless-ac_9560:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wireless-ac_9462:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wireless-ac_9461:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wireless-ac_9260:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_8265:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:dual_band_wireless-ac_8260:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3168:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wireless_7265_rev_d_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3165:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_wifi_drivers:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00287.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
