Intel ID: INTEL-SA-00182
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege
Severity rating: HIGH
Original release: 01/08/2019
Last revised: 01/08/2019
Summary:
A potential security vulnerability in Intel® PROSet/Wireless WiFi Software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.
Vulnerability Details:
CVEID: CVE-2018-12177
Description: Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software before version 20.90.0.7 may allow an authorized user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.8 High
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
Intel wireless products and technologies before 20.90.0.7.
· Intel® Dual Band Wireless-AC 3160
· Intel® Dual Band Wireless-AC 7260
· Intel® Dual Band Wireless-N 7260
· Intel® Wireless-N 7260
· Intel® Dual Band Wireless-AC 7260 for Desktop
· Intel® Dual Band Wireless-AC 7265 (Rev. C)
· Intel® Dual Band Wireless-N 7265 (Rev. C)
· Intel® Wireless-N 7265 (Rev. C)
· Intel® Dual Band Wireless-AC 3165
· Intel® Dual Band Wireless-AC 7265 (Rev. D)
· Intel® Dual Band Wireless-N 7265 (Rev. D)
· Intel® Wireless-N 7265 (Rev. D)
· Intel® Dual Band Wireless-AC 3168
· Intel® Tri-Band Wireless-AC 17265
· Intel® Dual Band Wireless-AC 8260
· Intel® Tri-Band Wireless-AC 18260
· Intel® Dual Band Wireless-AC 8265
· Intel® Dual Band Wireless-AC 8265 Desktop Kit
· Intel® Tri-Band Wireless-AC 18265
· Intel® Wireless-AC 9560
· Intel® Wireless-AC 9461
· Intel® Wireless-AC 9462
· Intel® Wireless-AC 9260
Recommendations:
Intel recommends updating the Intel® PROSet/Wireless WiFi Software to 20.90.0.7 or later.
Updates are available for download at these locations:
· Check with your system manufacturer support site for the latest available version, 20.90.0.7 or later.
Or
· https://downloadcenter.intel.com/pro...eless-Software
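
The following is an added example, not part of Intel's advisory: a fleet triage check that flags hosts whose installed version is before 20.90.0.7. The inventory format, column names, hostnames and the product-name substring are assumptions; versions are compared numerically field by field, because a plain string comparison would wrongly rank 20.100.x below 20.90.x.

```python
import csv
import io

FIXED = (20, 90, 0, 7)       # first fixed version, taken from the advisory
PRODUCT = "proset/wireless"  # assumed substring of the inventory's product name

# Constructed sample inventory export (hostnames and column names are made up).
SAMPLE_INVENTORY = """host,product,version
lab-01,Intel(R) PROSet/Wireless WiFi Software,20.90.0.7
lab-02,Intel(R) PROSet/Wireless WiFi Software,20.9.0.12
lab-03,Intel(R) PROSet/Wireless WiFi Software,20.100.1.1
lab-04,Intel(R) PROSet/Wireless WiFi Software,unknown
lab-05,Some Other Driver,1.0.0.0
"""

def parse_version(text):
    """Return the dotted version as a 4-tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    # Pad to four fields so "20.90" compares as 20.90.0.0.
    nums = [int(p) for p in parts[:4]]
    return tuple(nums + [0] * (4 - len(nums)))

def triage(inventory_csv):
    """Map each host running the product to 'affected', 'fixed' or 'review'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if PRODUCT not in row["product"].lower():
            continue  # unrelated software
        version = parse_version(row["version"])
        if version is None:
            result[row["host"]] = "review"    # unparseable; check by hand
        elif version < FIXED:
            result[row["host"]] = "affected"  # before 20.90.0.7
        else:
            result[row["host"]] = "fixed"
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```
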
Acknowledgements:
Intel would like to thank Thomas Hibbert of Insomnia Security for reporting this issue and working with us on coordinated disclosure.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.
Revision History
Revision | Date | Description
1.0 | 01/08/2019 | Initial Release