Intel® PROSet/Wireless WiFi Software Advisory

Summary:

A potential security vulnerability in some Intel® PROSet/Wireless WiFi products may allow escalation of privilege.** Intel is releasing software updates to mitigate this potential vulnerability.**

Vulnerability Details:

CVEID: CVE-2020-0559

Description: Insecure inherited permissions in some Intel® PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.3 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected Products:

Intel® PROSet/Wireless WiFi software for the following products:

Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
Intel® Wireless-AC 9560
Intel® Wireless-AC 9462
Intel® Wireless-AC 9461
Intel® Wireless-AC 9260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8260
Intel® Dual Band Wireless-AC 3168
Intel® Wireless 7265 (Rev D) Family
Intel® Dual Band Wireless-AC 3165

Recommendations:

Intel recommends updating Intel® PROSet/Wireless WiFi products running on Windows* 7 or 8.1 to version 21.40.5.1 or later.

Release version 21.40.5.1 is available for download at this location:

<https://www.intel.com/content/www/us/en/support/products/59485/network-and-i-o/wireless-networking.html&gt;

Acknowledgements:

Intel would like to thank Marius Gabriel Mihai for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.