CVE-2024-28049

CWE-20 — Improper Input Validation5 documents5 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 83.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Killer Intel Proset\/wireless Wifi Intel(r) Proset Wireless Software AND Intel(r) Killer(tm) Wi-fi Wireless Products

Timeline

PublishedNov 13

Description

Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

▶CVEListV5intel(r)_proset/wireless_software_and_intel(r)_killer(tm)_wi-fi_wireless_productsbefore version 23.40

▶NVDintel/proset\/wireless_wifi< 23.40.0

▶NVDintel/killer< 23.40.0

▶Debianfirmware-nonfree< 20240610-1+1

🔴Vulnerability Details

GHSA

GHSA-wpcc-2qm5-qrcg: Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23↗2024-11-13

▶

OSV

CVE-2024-28049: Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23↗2024-11-13

▶

CVEList

CVE-2024-28049: Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23↗2024-11-13

▶

📋Vendor Advisories

Debian

CVE-2024-28049: firmware-nonfree - Improper input validation in firmware for some Intel(R) PROSet/Wireless Software...↗2024

▶