CVE-2023-28714 — Improper Access Control in Intel Proset Wireless Wifi

CWE-284 — Improper Access Control CWE-863 — Incorrect Authorization3 documents3 sources

Severity

6.7MEDIUMNVD

CNA8.2

EPSS

0.0%

top 87.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Proset Wireless Wifi Intel Proset Wireless Wifi Software FOR Windows

Timeline

PublishedAug 11

Description

Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5intel_proset/wireless_wifi_software_for_windowsbefore version 22.220 HF (Hot Fix)

▶NVDintel/proset_wireless_wifi< 22.220.0

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-28714: Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22↗2023-08-11

▶

GHSA

GHSA-6p5j-fmww-gq26: Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22↗2023-08-11

▶