Intel® PROSet/Wireless WiFi Software Vulnerabilities - US

Lenovo Security Advisory: LEN-24443

Potential Impact: Elevation of Privilege, Denial of Service, Information Disclosure

Severity: High

Scope of Impact: Systems with specific versions of Intel® PROSet/Wireless WiFi Software

CVE Identifier: CVE-2006-7250, CVE-2007-3108, CVE-2007-4995, CVE-2007-5135, CVE-2008-5077, CVE-2008-7270, CVE-2009-0590, CVE-2009-0789, CVE-2009-1377, CVE-2009-1378, CVE-2009-1386, CVE-2009-1387, CVE-2009-2409, CVE-2009-3245, CVE-2009-4355, CVE-2010-0433, CVE-2010-0742, CVE-2010-4180, CVE-2010-4252, CVE-2010-5298, CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2333, CVE-2013-0166, CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3566, CVE-2017-3735, CVE-2018-12177

Summary Description:

Due to vulnerabilities in OpenSSL version 0.9.8e compiled into the Cisco Compatible eXtensions (CCX) component, which is part of the Intel® PROSet/Wireless WiFi Software, Intel is announcing End-of-Life (EOL) support for CCX. The CCX component has been removed from the Intel® PROSet/Wireless WiFi Software v20.90.0.7 for Microsoft Windows 7, 8.1, and 10.

Updated 2019-02-28:

A potential security vulnerability in Intel® PROSet/Wireless WiFi Software may allow escalation of privilege (CVE-2018-12177).

Mitigation Strategy for Customers (what you should do to protect yourself):

Intel recommends updating to the Intel® PROSet/Wireless WiFi Software version indicated for your model in the Product Impact section below.

Product Impact: