CVE-2021-0065 — Incorrect Default Permissions in Intel 7265 Firmware

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 88.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel 7265 Firmware Intel AC 3165 Firmware Intel AC 3168 Firmware +10 more

Timeline

PublishedNov 17

Latest updateMay 24

Description

Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages13 packages

▶CVEListV5intel_proset/wireless_wifi_software_installer_for_windows_10before version 22.40

▶NVDintel/7265_firmware< 22.40

▶NVDintel/ax200_firmware< 22.40

▶NVDintel/ax201_firmware< 22.40

▶NVDintel/ax210_firmware< 22.40

🔴Vulnerability Details

GHSA

GHSA-3c8p-8vwf-25g8: Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22↗2022-05-24

▶

CVEList

CVE-2021-0065: Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22↗2021-11-17

▶