Multiple vulnerabilities in Intel PROSet/Wireless WiFi Software
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2019-11153 CVE-2019-11156 CVE-2019-11155 CVE-2019-11154 |
| CWE-ID | CWE-119 CWE-840 CWE-276 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Intel Wi-Fi 6 AX201 Hardware solutions / Firmware Intel Wi-Fi 6 AX200 Hardware solutions / Firmware Intel Wireless-AC 9560 Hardware solutions / Firmware Intel Wireless-AC 9462 Hardware solutions / Firmware Intel Wireless-AC 9461 Hardware solutions / Firmware Intel Wireless-AC 9260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8265 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 3168 Hardware solutions / Firmware Intel Wireless 7265 (Rev D) Family Hardware solutions / Firmware Intel Dual Band Wireless-AC 3165 Hardware solutions / Firmware Intel PROSet/Wireless WiFi Software for Windows Hardware solutions / Drivers |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU22982
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11153
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error. A local user can trigger memory corruption and enable escalation of privilege, information disclosure and a denial of service.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX201: All versions
Intel Wi-Fi 6 AX200: All versions
Intel Wireless-AC 9560: All versions
Intel Wireless-AC 9462: All versions
Intel Wireless-AC 9461: All versions
Intel Wireless-AC 9260: All versions
Intel Dual Band Wireless-AC 8265: All versions
Intel Dual Band Wireless-AC 8260: All versions
Intel Dual Band Wireless-AC 3168: All versions
Intel Wireless 7265 (Rev D) Family: All versions
Intel Dual Band Wireless-AC 3165: All versions
Intel PROSet/Wireless WiFi Software for Windows: before 21.40
CPE2.3- cpe:2.3:h:intel:intel_wi-fi_6_ax201:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wi-fi_6_ax200:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9560:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9462:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9461:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9260:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_8265:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:dual_band_wireless-ac_8260:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3168:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless_7265_rev_d_family:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3165:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_proset_wireless_wifi_software:*:*:*:*:*:*:*:
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00287.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Business Logic Errors
EUVDB-ID: #VU22985
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11156
CWE-ID:
CWE-840 - Business Logic Errors (3.0)
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to logical errors. A local user can enable escalation of privilege, denial of service, and information disclosure on the target system.
Install updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX201: All versions
Intel Wi-Fi 6 AX200: All versions
Intel Wireless-AC 9560: All versions
Intel Wireless-AC 9462: All versions
Intel Wireless-AC 9461: All versions
Intel Wireless-AC 9260: All versions
Intel Dual Band Wireless-AC 8265: All versions
Intel Dual Band Wireless-AC 8260: All versions
Intel Dual Band Wireless-AC 3168: All versions
Intel Wireless 7265 (Rev D) Family: All versions
Intel Dual Band Wireless-AC 3165: All versions
Intel PROSet/Wireless WiFi Software for Windows: before 21.40
CPE2.3- cpe:2.3:h:intel:intel_wi-fi_6_ax201:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wi-fi_6_ax200:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9560:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9462:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9461:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9260:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_8265:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:dual_band_wireless-ac_8260:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3168:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless_7265_rev_d_family:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3165:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_proset_wireless_wifi_software:*:*:*:*:*:*:*:
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00288.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect default permissions
EUVDB-ID: #VU22984
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11155
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can cause a denial of service (DoS) condition and information disclosure on the target system.
Install updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX201: All versions
Intel Wi-Fi 6 AX200: All versions
Intel Wireless-AC 9560: All versions
Intel Wireless-AC 9462: All versions
Intel Wireless-AC 9260: All versions
Intel Dual Band Wireless-AC 8265: All versions
Intel Dual Band Wireless-AC 8260: All versions
Intel Dual Band Wireless-AC 3168: All versions
Intel Wireless 7265 (Rev D) Family: All versions
Intel Dual Band Wireless-AC 3165: All versions
Intel PROSet/Wireless WiFi Software for Windows: before 21.40
CPE2.3- cpe:2.3:h:intel:intel_wi-fi_6_ax201:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wi-fi_6_ax200:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9560:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9462:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9260:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_8265:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:dual_band_wireless-ac_8260:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3168:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless_7265_rev_d_family:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3165:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_proset_wireless_wifi_software:*:*:*:*:*:*:*:
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00288.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Incorrect default permissions
EUVDB-ID: #VU22983
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11154
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can cause a denial of service (DoS) condition and information disclosure on the target system.
Install updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX201: All versions
Intel Wi-Fi 6 AX200: All versions
Intel Wireless-AC 9560: All versions
Intel Wireless-AC 9462: All versions
Intel Wireless-AC 9260: All versions
Intel Dual Band Wireless-AC 8265: All versions
Intel Dual Band Wireless-AC 8260: All versions
Intel Dual Band Wireless-AC 3168: All versions
Intel Wireless 7265 (Rev D) Family: All versions
Intel Dual Band Wireless-AC 3165: All versions
Intel PROSet/Wireless WiFi Software for Windows: before 21.40
CPE2.3- cpe:2.3:h:intel:intel_wi-fi_6_ax201:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wi-fi_6_ax200:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9560:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9462:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless-ac_9260:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_8265:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:dual_band_wireless-ac_8260:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3168:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_wireless_7265_rev_d_family:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_dual_band_wireless-ac_3165:*:*:*:*:*:*:*:
- cpe:2.3:h:intel:intel_proset_wireless_wifi_software:*:*:*:*:*:*:*:
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00288.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
