Intel Security CenterINTEL:INTEL-SA-00539Intel® PROSet/Wireless Wi-Fi, Intel® AMT Wireless and Killer™ Wi-Fi Software Advisory
0.001 Low
EPSS
Percentile
26.5%
Summary:
Potential security vulnerabilities in some Intel® PROSet/Wireless Wi-Fi, Intel® Active Management Technology (Intel® AMT) Wireless and Killer™ Wi-Fi may allow escalation of privilege, denial of service or information disclosure.** **Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.
Vulnerability Details:
CVEID: CVE-2021-0162
Description: Improper input validation in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVEID: CVE-2021-0163
Description: Improper Validation of Consistency within input in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVEID: CVE-2021-0161
Description: Improper input validation in firmware for Intel® PROSet/Wireless Wi-Fi in multiple operating systems and Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEID: CVE-2021-0164
Description: Improper access control in firmware for Intel® PROSet/Wireless Wi-Fi in multiple operating systems and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
CVEID: CVE-2021-0165
Description: Improper input validation in firmware for Intel® PROSet/Wireless Wi-Fi in multiple operating systems and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2021-0066
Description: Improper input validation in firmware for Intel® PROSet/Wireless Wi-Fi in multiple operating systems and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.2 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVEID: CVE-2021-0166
Description: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
CVEID: CVE-2021-0167
Description: Improper access control in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2021-0169
Description: Uncontrolled Search Path Element in software for Intel® PROSet/Wireless Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2021-0168
Description: Improper input validation in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 5.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2021-0170
Description: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 5.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEID: CVE-2021-0171
Description: Improper access control in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 5.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEID: CVE-2021-0172
Description: Improper input validation in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2021-0173
Description: Improper Validation of Consistency within input in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2021-0174
Description: Improper Use of Validation Framework in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2021-0175
Description: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2021-0076
Description: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 5.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
CVEID: CVE-2021-0176
Description: Improper input validation in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 5.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
CVEID: CVE-2021-0177
Description: Improper Validation of Consistency within input in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CVEID: CVE-2021-0178
Description: Improper input validation in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CVEID: CVE-2021-0179
Description: Improper Use of Validation Framework in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CVEID: CVE-2021-0183
Description: Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEID: CVE-2021-0072
Description: Improper input validation in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score: 4.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products:
Intel® PROSet/Wireless Wi-Fi products:
- Intel® Wi-Fi 6E AX210
- Intel® Wi-Fi 6 AX201
- Intel® Wi-Fi 6 AX200
- Intel® Wireless-AC 9560
- Intel® Wireless-AC 9462
- Intel® Wireless-AC 9461
- Intel® Wireless-AC 9260
- Intel® Dual Band Wireless-AC 8265
- Intel® Dual Band Wireless-AC 8260
- Intel® Dual Band Wireless-AC 3168
- Intel® Wireless 7265 (Rev D) Family
- Intel® Dual Band Wireless-AC 3165
Intel® AMT Wireless products:
- Intel® Wi-Fi 6 AX210
- Intel® Wi-Fi 6 AX201
- Intel® Wi-Fi 6 AX200
- Intel® Wireless-AC 9560
- Intel® Wireless-AC 9260
- Intel® Dual Band Wireless-AC 8265
- Intel® Dual Band Wireless-AC 8260
Killer™ Wi-Fi products:
- Killer™ Wi-Fi 6E AX1675
- Killer™ Wi-Fi 6 AX1650
- Killer™ Wireless-AC 1550
Recommendations:
Windows:
Intel recommends updating the Intel® PROSet/Wireless Wi-Fi software to version 22.60 or later.
Updates are available for download at these locations:
Intel® PROSet/Wireless Wi-Fi version 22.60 or later:
Intel recommends updating the Killer™ Wi-Fi software to version 3.0 (Production version) or later.
Updates for Killer™ products are available for download at this location:
<https://www.intel.com/content/www/us/en/download/19779/intel-killer-performance-suite.html>
UEFI:
Intel recommends updating the Wi-Fi drivers in UEFI to version 1.2.6 or later.
Please contact your OEM support group to obtain the correct driver version.
Chrome OS:
Intel® PROSet/Wireless Wi-Fi drivers to mitigate these vulnerabilities are up streamed to Chromium.
For any Google Chrome OS solution and schedule, please contact Google directly.
Linux OS:
Intel® PROSet/Wireless Wi-Fi drivers to mitigate these vulnerabilities are up streamed to Linux.
Consult the regular Open Source channels to obtain this update.
Recommendation for Intel® AMT Wireless products:
Intel recommends updating Intel® AMT Wireless products to the following versions.
Chipset/SoC
|
Mitigated Intel® AMT Version or higher
|
Device
—|—|—
11th Generation Intel® Core Processor****
|
15.0.35
|
Intel® Wi-Fi 6 AX210
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
10th Generation Intel® Core Processor****
|
14.1.60
|
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
9th Generation Intel® Core Processor****
|
12.0.85
|
Intel® Wireless-AC 9260
Intel® Wireless-AC 9560
Intel® Wi-Fi 6 AX200
8th Generation Intel® Core Processor****
|
12.0.85
|
Intel® Wireless-AC 9260
Intel® Wireless-AC 9560
Intel® Wi-Fi 6 AX200
7th Generation Intel® Core Processor
6th Generation Intel® Core Processor****
|
11.8.90
|
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8260
Intel recommends that users of Intel® vPRO® CSME WiFi products update to the latest version provided by the system manufacturer that addresses these issues.
Acknowledgements:
These issues were found internally by Intel employees. Intel would like to thank Yaakov Cohen and Hareesh Khattri.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
Related
