A potential security vulnerability in some Intel® PROSet/Wireless WiFi products may allow escalation of privilege.** Intel is releasing software updates to mitigate this potential vulnerability.**
CVEID: CVE-2020-0559
Description: Insecure inherited permissions in some Intel® PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.3 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Intel® PROSet/Wireless WiFi software for the following products:
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
Intel® Wireless-AC 9560
Intel® Wireless-AC 9462
Intel® Wireless-AC 9461
Intel® Wireless-AC 9260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8260
Intel® Dual Band Wireless-AC 3168
Intel® Wireless 7265 (Rev D) Family
Intel® Dual Band Wireless-AC 3165
Intel recommends updating Intel® PROSet/Wireless WiFi products running on Windows* 7 or 8.1 to version 21.40.5.1 or later.
Release version 21.40.5.1 is available for download at this location:
Intel would like to thank Marius Gabriel Mihai for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.