CVE-2021-0064 — Incorrect Permission Assignment in Intel 7265 Firmware

CWE-732 — Incorrect Permission Assignment CWE-281 — Improper Preservation of Permissions3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 88.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel 7265 Firmware Intel AC 3165 Firmware Intel AC 3168 Firmware +10 more

Timeline

PublishedNov 17

Latest updateNov 18

Description

Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages13 packages

▶CVEListV5intel_proset/wireless_wifi_software_installer_for_windows_10before version 22.40

▶NVDintel/7265_firmware< 22.40

▶NVDintel/ax200_firmware< 22.40

▶NVDintel/ax201_firmware< 22.40

▶NVDintel/ax210_firmware< 22.40

🔴Vulnerability Details

GHSA

GHSA-fg56-pqv7-fm98: Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22↗2021-11-18

▶

CVEList

CVE-2021-0064: Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22↗2021-11-17

▶