SB2020111101 - Multiple vulnerabilities in Intel PROSet/Wireless WiFi products 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020111101

SB2020111101 - Multiple vulnerabilities in Intel PROSet/Wireless WiFi products

Published: November 11, 2020

Security Bulletin ID SB2020111101
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

High 33% Medium 50% Low 17%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2020-12313)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper management of internal resources in some Intel(R) PROSet/Wireless WiFi products before version 21.110. A remote attacker on the local network can send specially crafted traffic to the system and execute arbitrary code.

The vulnerability affects firmware on the following operating systems:

  • Windows 10
  • Linux OS
  • Chrome OS

2) Improper input validation (CVE-ID: CVE-2020-12314)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110. A remote attacker on the local network can send  specially crafted traffic to the system and perform a denial of service (DoS) attack.

The vulnerability affects firmware on the following operating systems:

  • Windows 10

3) Security restrictions bypass (CVE-ID: CVE-2020-12318)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

The vulnerability affects firmware on the following operating systems:

  • Windows 10

4) Memory corruption (CVE-ID: CVE-2020-12317)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in some Intel(R) PROSet/Wireless WiFi products before version 21.110. A remote attacker on the local network can send specially crafted traffic, trigger memory corruption to the system and execute arbitrary code.

The vulnerability affects firmware on the following operating systems:

  • Windows 10
  • Linux OS
  • Chrome OS

5) Resource management error (CVE-ID: CVE-2020-12319)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in some Intel(R) PROSet/Wireless WiFi products before version 21.110. A remote attacker on the local network can send specially crafted traffic to the system and perform a denial of service (DoS) attack.

The vulnerability affects firmware on the following operating systems:

  • Windows 10
  • Linux OS
  • Chrome OS

6) Key management errors (CVE-ID: CVE-2017-13080)

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

The vulnerability is dubbed "KRACK" attack.

Remediation

Install update from vendor's website.

References