ASA-2019-00338 – Intel PROSet/Wireless WiFi Software: Insufficient access control

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00338

Identifier(s)

ASA-2019-00338, CVE-2019-0136, INTEL-SA-00232

Title

Insufficient access control

Vendor(s)

Intel

Product(s)

Intel® PROSet/Wireless WiFi Software
Intel® Dual Band Wireless-AC 3160
Intel® Dual Band Wireless-AC 7260
Intel® Dual Band Wireless-N 7260
Intel® Wireless-N 7260
Intel® Dual Band Wireless-AC 7260 for Desktop
Intel® Dual Band Wireless-AC 7265 (Rev. C)
Intel® Dual Band Wireless-N 7265 (Rev. C)
Intel® Wireless-N 7265 (Rev. C)
Intel® Dual Band Wireless-AC 3165
Intel® Dual Band Wireless-AC 7265 (Rev. D)
Intel® Dual Band Wireless-N 7265 (Rev. D)
Intel® Wireless-N 7265 (Rev. D)
Intel® Dual Band Wireless-AC 3168
Intel® Tri-Band Wireless-AC 17265
Intel® Dual Band Wireless-AC 8260
Intel® Tri-Band Wireless-AC 18260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8265 Desktop Kit
Intel® Tri-Band Wireless-AC 18265
Intel® Wireless-AC 9560
Intel® Wireless-AC 9461
Intel® Wireless-AC 9462
Intel® Wireless-AC 9260
Intel® Wi-Fi 6 AX200
Intel® Wi-Fi 6 AX201

Affected version(s)

Intel® PROSet/Wireless WiFi Software releases before version 21.10 for Microsoft Windows 7, 8.1 and 10:

Intel® PROSet/Wireless WiFi Software
Intel® Dual Band Wireless-AC 3160
Intel® Dual Band Wireless-AC 7260
Intel® Dual Band Wireless-N 7260
Intel® Wireless-N 7260
Intel® Dual Band Wireless-AC 7260 for Desktop
Intel® Dual Band Wireless-AC 7265 (Rev. C)
Intel® Dual Band Wireless-N 7265 (Rev. C)
Intel® Wireless-N 7265 (Rev. C)
Intel® Dual Band Wireless-AC 3165
Intel® Dual Band Wireless-AC 7265 (Rev. D)
Intel® Dual Band Wireless-N 7265 (Rev. D)
Intel® Wireless-N 7265 (Rev. D)
Intel® Dual Band Wireless-AC 3168
Intel® Tri-Band Wireless-AC 17265
Intel® Dual Band Wireless-AC 8260
Intel® Tri-Band Wireless-AC 18260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8265 Desktop Kit
Intel® Tri-Band Wireless-AC 18265
Intel® Wireless-AC 9560
Intel® Wireless-AC 9461
Intel® Wireless-AC 9462
Intel® Wireless-AC 9260
Intel® Wi-Fi 6 AX200
Intel® Wi-Fi 6 AX201

For Google Chrome OS:

An Intel® WiFi driver resolving the vulnerability will be up streamed to Chromium on June 11th, 2019.

Intel® Dual Band Wireless-AC 7260
Intel® Dual Band Wireless-AC 7265 (Rev.D)
Intel® Wireless-AC 9560

For Linux OS:

An Intel® WiFi driver resolving the vulnerability will be up streamed on June 11th, 2019.

Intel® Dual Band Wireless-AC 3160
Intel® Dual Band Wireless-AC 7260
Intel® Dual Band Wireless-N 7260
Intel® Wireless-N 7260
Intel® Dual Band Wireless-AC 7260 for Desktop
Intel® Dual Band Wireless-AC 7265 (Rev. C)
Intel® Dual Band Wireless-N 7265 (Rev. C)
Intel® Wireless-N 7265 (Rev. C)
Intel® Dual Band Wireless-AC 3165
Intel® Dual Band Wireless-AC 7265 (Rev. D)
Intel® Dual Band Wireless-N 7265 (Rev. D)
Intel® Wireless-N 7265 (Rev. D)
Intel® Dual Band Wireless-AC 3168
Intel® Tri-Band Wireless-AC 17265
Intel® Dual Band Wireless-AC 8260
Intel® Tri-Band Wireless-AC 18260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8265 Desktop Kit
Intel® Tri-Band Wireless-AC 18265
Intel® Wireless-AC 9560
Intel® Wireless-AC 9461
Intel® Wireless-AC 9462
Intel® Wireless-AC 9260
Intel® Wi-Fi 6 AX200
Intel® Wi-Fi 6 AX201

Fixed version(s)

Intel® PROSet/Wireless WiFi Software release version 21.10 for Microsoft Windows 7, 8.1 and 10

An Intel® WiFi driver resolving the vulnerability will be up streamed to Chromium on June 11th, 2019.

For Linux OS, an Intel® WiFi driver resolving the vulnerability will be up streamed on June 11th, 2019.

Proof of concept

Unknown

Description

Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Technical details

Unknown

Credits

JPCERT

Reference(s)

Intel® PROSet/Wireless WiFi Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html

Download Intel® PROSet/Wireless Software and Wi-Fi Drivers
https://www.intel.com/content/www/us/en/support/articles/000005634/network-and-i-o/wireless-networking.html

CVE-2019-0136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0136

CVE-2019-0136
https://nvd.nist.gov/vuln/detail/CVE-2019-0136

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: June 13, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.