Vulnerability CVE-2021-0179

Vulnerability Name:

CVE-2021-0179 (CCN-219055)

Assigned:

2020-10-22

Published:

2022-02-08

Updated:

2022-02-15

Summary:

Improper Use of Validation Framework in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Attack Complexity (AC): Privileges Required (PR): User Interaction (UI):
Scope:	Scope (S):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

4.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Attack Complexity (AC): Privileges Required (PR): User Interaction (UI):
Scope:	Scope (S):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

CVSS v2 Severity:

3.3 Low (CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

3.3 Low (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-0179

Source: XF
Type: UNKNOWN
intel-cve20210179-dos(219055)

Source: CCN
Type: Lenovo Security Advisory: LEN-62745
Intel PROSet Wireless Wi-Fi, Intel AMT Wireless and Killer Wi-Fi Software Advisory

Source: CCN
Type: INTEL-SA-00539
Intel PROSet/Wireless Wi-Fi, Intel AMT Wireless and Killer Wi-Fi Software Advisory

Source: MISC
Type: Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html

Vulnerable Configuration:

Configuration 1:

cpe:/o:intel:amt_ac_8260_firmware:*:*:*:*:*:*:*:* (Version < 11.8.90)

AND

cpe:/h:intel:amt_ac_8260:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:intel:amt_ac_8265_firmware:*:*:*:*:*:*:*:* (Version < 11.8.90)

AND

cpe:/h:intel:amt_ac_8265:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:intel:amt_ac_9260_firmware:*:*:*:*:*:*:*:* (Version < 12.0.85)

AND

cpe:/h:intel:amt_ac_9260:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:intel:amt_ac_9560_firmware:*:*:*:*:*:*:*:* (Version < 12.0.85)

AND

cpe:/h:intel:amt_ac_9560:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:intel:amt_wi-fi_6_ax200_firmware:*:*:*:*:*:*:*:* (Version < 12.0.85)

OR cpe:/o:intel:amt_wi-fi_6_ax200_firmware:*:*:*:*:*:*:*:* (Version >= 14.0.0 and < 14.1.60)

OR cpe:/o:intel:amt_wi-fi_6_ax200_firmware:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.35)

AND

cpe:/h:intel:amt_wi-fi_6_ax200:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:intel:amt_wi-fi_6_ax201_firmware:*:*:*:*:*:*:*:* (Version >= 14.0.0 and < 14.1.60)

OR cpe:/o:intel:amt_wi-fi_6_ax201_firmware:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.35)

AND

cpe:/h:intel:amt_wi-fi_6_ax201:-:*:*:*:*:*:*:*

Configuration 7:

cpe:/o:intel:amt_wi-fi_6_ax210_firmware:*:*:*:*:*:*:*:* (Version < 15.0.35)

AND

cpe:/h:intel:amt_wi-fi_6_ax210:-:*:*:*:*:*:*:*

Configuration 8:

cpe:/o:intel:proset_ac_3165_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_ac_3165:-:*:*:*:*:*:*:*

Configuration 9:

cpe:/o:intel:proset_ac_3168_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_ac_3168:-:*:*:*:*:*:*:*

Configuration 10:

cpe:/o:intel:proset_ac_8260_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_ac_8260:-:*:*:*:*:*:*:*

Configuration 11:

cpe:/o:intel:proset_ac_8265_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_ac_8265:-:*:*:*:*:*:*:*

Configuration 12:

cpe:/o:intel:proset_ac_9260_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_ac_9260:-:*:*:*:*:*:*:*

Configuration 13:

cpe:/o:intel:proset_ac_9461_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_ac_9461:-:*:*:*:*:*:*:*

Configuration 14:

cpe:/o:intel:proset_ac_9462_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_ac_9462:-:*:*:*:*:*:*:*

Configuration 15:

cpe:/o:intel:proset_ac_9560_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_ac_9560:-:*:*:*:*:*:*:*

Configuration 16:

cpe:/o:intel:proset_wi-fi_6_ax200_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_wi-fi_6_ax200:-:*:*:*:*:*:*:*

Configuration 17:

cpe:/o:intel:proset_wi-fi_6_ax201_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_wi-fi_6_ax201:-:*:*:*:*:*:*:*

Configuration 18:

cpe:/o:intel:proset_wi-fi_6e_ax210_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_wi-fi_6e_ax210:-:*:*:*:*:*:*:*

Configuration 19:

cpe:/o:intel:proset_wireless_7265_(rev_d)_firmware:*:*:*:*:*:*:*:* (Version < 22.60)

AND

cpe:/h:intel:proset_wireless_7265_(rev_d):-:*:*:*:*:*:*:*

Configuration 20:

cpe:/o:intel:killer_ac_1550_firmware:*:*:*:*:*:*:*:* (Version < 3.0)

AND

cpe:/h:intel:killer_ac_1550:-:*:*:*:*:*:*:*

Configuration 21:

cpe:/o:intel:killer_wi-fi_6_ax1650_firmware:*:*:*:*:*:*:*:* (Version < 3.0)

AND

cpe:/h:intel:killer_wi-fi_6_ax1650:-:*:*:*:*:*:*:*

Configuration 22:

cpe:/o:intel:killer_wi-fi_6e_ax1675_firmware:*:*:*:*:*:*:*:* (Version < 3.0)

AND

cpe:/h:intel:killer_wi-fi_6e_ax1675:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*

OR cpe:/h:intel:wi-fi_6_ax200:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2021-0179 (CCN-250282)

Assigned:

2020-10-22

Published:

2023-03-15

Updated:

2023-03-15

Summary:

NETGEAR devices could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Attack Complexity (AC): Privileges Required (PR): User Interaction (UI):
Scope:	Scope (S):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Attack Complexity (AC): Privileges Required (PR): User Interaction (UI):
Scope:	Scope (S):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

CVSS v2 Severity:

3.3 Low (CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete