SB2022081214 - Multiple vulnerabilities in Intel PROSet/Wireless WiFi and Killer WiFi
Published: August 12, 2022
Description
This security bulletin contains information about 14 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2022-21240)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local administrator can trigger an out-of-bounds read error and read contents of memory on the system.
2) Improper access control (CVE-ID: CVE-2022-21140)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local administrator can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.
3) Input validation error (CVE-ID: CVE-2022-21212)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
4) Improper access control (CVE-ID: CVE-2021-23188)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.
5) Buffer overflow (CVE-ID: CVE-2022-21160)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
6) Input validation error (CVE-ID: CVE-2022-21197)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
7) Inadequate Encryption Strength (CVE-ID: CVE-2022-21139)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to inadequate encryption strength. A remote attacker on the local network can gain elevated privileges on the target system.
8) Out-of-bounds write (CVE-ID: CVE-2022-21172)
The vulnerability allows a local user to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local administrator can trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
9) Out-of-bounds read (CVE-ID: CVE-2021-26254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A local administrator can trigger an out-of-bounds read error and cause a denial of service condition on the system.
10) Input validation error (CVE-ID: CVE-2021-44545)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2021-23168)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote attacker on the local network can trigger an out-of-bounds read error and cause a denial of service condition on the system.
12) Improper Initialization (CVE-ID: CVE-2021-23223)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization. A local administrator can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
13) Improper access control (CVE-ID: CVE-2021-37409)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local administrator can bypass implemented security restrictions and gain elevated privileges on the system.
14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-21181)
The vulnerability allows a local administrator to escalate privileges on the system.
The vulnerability exists due to improper input validation, which leads to security restrictions bypass and privilege escalation.
Remediation
Install the update from the vendor's website.