CVE-2021-33115 — Improper Input Validation in Intel Uefi Wifi Driver

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 33.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Uefi Wifi Driver Intel Proset Wireless Wifi IN Uefi

Timeline

PublishedFeb 9

Latest updateFeb 11

Description

Improper input validation for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5intel_proset/wireless_wifi_in_uefiSee references

▶NVDintel/uefi_wifi_driver< 1.2.8.21337

🔴Vulnerability Details

GHSA

GHSA-22v8-m2j9-v5f6: Improper input validation for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privile↗2022-02-11

▶

CVEList

CVE-2021-33115: Improper input validation for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privile↗2022-02-09

▶

OSV

CVE-2021-33115: Improper input validation for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privile↗2022-02-09

▶