Multiple vulnerabilities in Intel PROSet/Wireless Wi-Fi software



Published: 2024-08-20
Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2023-38654
CVE-2023-47859
CVE-2023-47210
CVE-2023-45845
CVE-2023-38417
CVE-2023-40536
CWE-ID CWE-20
CWE-284
CWE-754
CWE-362
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe 		Intel PROSet/Wireless WiFi Software for Windows
Hardware solutions / Drivers

Intel PROSet/Wireless WiFi software for Linux
Hardware solutions / Drivers

Vendor

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU96260

Risk: Medium

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38654

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.20

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU96261

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47859

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to crash the system.

The vulnerability exists due to improper access restrictions. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.20

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU96262

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47210

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel PROSet/Wireless WiFi software for Linux: before 23.20

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU96263

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45845

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.20

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU96264

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38417

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.20

Intel PROSet/Wireless WiFi software for Linux: before 23.20

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Race condition

EUVDB-ID: #VU96265

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40536

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to crash the system.

The vulnerability exists due to a race condition. A local user can exploit the race and perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel PROSet/Wireless WiFi Software for Windows: before 23.20

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###