Details of VAR-202008-0073

ID

VAR-202008-0073

CVE

CVE-2020-0559

TITLE

plural Intel(R) PROSet/Wireless WiFi Inappropriate default permissions in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-009530

DESCRIPTION

Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel(R) PROSet/Wireless WiFi The product contains a vulnerability related to improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel PROSet/Wireless WiFi Software is a wireless network card driver of Intel Corporation. A security vulnerability exists in Intel PROSet/Wireless WiFi (Windows 7 and 8.1). An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel Wi-Fi 6 AX201 before 21.40.5.1; Wi-Fi 6 AX200 before 21.40.5.1; Wireless-AC 9560 before 21.40.5.1; Wireless-AC 9462 before 21.40.5.1; Wireless-AC 9461 prior to 21.40.5.1; Wireless-AC 9260 prior to 21.40.5.1; Dual Band Wireless-AC 8265 prior to 21.40.5.1; Dual Band Wireless-AC 8260 prior to 21.40.5.1; Dual Band Wireless-AC 3168 Prior to 21.40.5.1; Wireless 7265 (Rev D) Family prior to 21.40.5.1; Dual Band Wireless-AC 3165 prior to 21.40.5.1

Trust: 1.71

sources: NVD: CVE-2020-0559 // JVNDB: JVNDB-2020-009530 // VULHUB: VHN-161993

AFFECTED PRODUCTS

vendor:	intel	model:	celeron n2808	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ac 7265	scope:	lt	version:	21.40.5.1	Trust: 1.0
vendor:	intel	model:	ac 9260	scope:	lt	version:	21.40.5.1	Trust: 1.0
vendor:	intel	model:	celeron n3000	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium n3700	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j4005	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2805	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium j3710	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ax201	scope:	lt	version:	21.40.5.1	Trust: 1.0
vendor:	intel	model:	celeron n3160	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n6210	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium n4200	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n4505	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium j2850	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2815	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n4100	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j3455e	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium j2900	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium j4205	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n3350e	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2806	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n3350	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j3355	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ac 3165	scope:	lt	version:	21.40.5.1	Trust: 1.0
vendor:	intel	model:	celeron j3455	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	atom x5-e3940	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j1900	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n4000	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2920	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ac 8265	scope:	lt	version:	21.40.5.1	Trust: 1.0
vendor:	intel	model:	celeron n2930	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n4020	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n3060	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j4105	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2830	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ac 9462	scope:	lt	version:	21.40.5.1	Trust: 1.0
vendor:	intel	model:	celeron n2807	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n3050	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n3450	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j4125	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ac 8260	scope:	lt	version:	21.40.5.1	Trust: 1.0
vendor:	intel	model:	celeron j6413	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium n3520	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j6412	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ac 9560	scope:	lt	version:	21.40.5.1	Trust: 1.0
vendor:	intel	model:	celeron n2940	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2840	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n6211	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j3060	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ac 3168	scope:	lt	version:	21.40.5.1	Trust: 1.0
vendor:	intel	model:	celeron j1750	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium n3710	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n3010	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	atom x5-e3930	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium n3510	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	atom x7-e3950	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2810	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2820	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ax200	scope:	lt	version:	21.40.5.1	Trust: 1.0
vendor:	intel	model:	celeron n2910	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium n3530	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n4120	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n5100	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n5105	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j3160	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n4500	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n3150	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium n3540	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium j6426	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ac 9461	scope:	lt	version:	21.40.5.1	Trust: 1.0
vendor:	intel	model:	pentium n4200e	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium n6415	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j3355e	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j1850	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j4025	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j1800	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ac 3165	scope:	eq	version:	21.40.5.1	Trust: 0.8
vendor:	intel	model:	ac 3168	scope:	eq	version:	21.40.5.1	Trust: 0.8
vendor:	intel	model:	ac 7265	scope:	eq	version:	21.40.5.1	Trust: 0.8
vendor:	intel	model:	ac 8260	scope:	eq	version:	21.40.5.1	Trust: 0.8
vendor:	intel	model:	ac 8265	scope:	eq	version:	21.40.5.1	Trust: 0.8
vendor:	intel	model:	ac 9260	scope:	eq	version:	21.40.5.1	Trust: 0.8
vendor:	intel	model:	ac 9461	scope:	eq	version:	21.40.5.1	Trust: 0.8
vendor:	intel	model:	ac 9462	scope:	eq	version:	21.40.5.1	Trust: 0.8
vendor:	intel	model:	ac 9560	scope:	eq	version:	21.40.5.1	Trust: 0.8
vendor:	intel	model:	ax200	scope:	eq	version:	21.40.5.1	Trust: 0.8
vendor:	intel	model:	ax201	scope:	eq	version:	21.40.5.1	Trust: 0.8

sources: JVNDB: JVNDB-2020-009530 // NVD: CVE-2020-0559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-0559
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-009530
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202008-582
value:	HIGH
Trust: 0.6
VULHUB:	VHN-161993
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-0559
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-009530
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-161993
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-0559
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-009530
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-161993 // JVNDB: JVNDB-2020-009530 // CNNVD: CNNVD-202008-582 // NVD: CVE-2020-0559

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-276	Trust: 0.9

sources: VULHUB: VHN-161993 // JVNDB: JVNDB-2020-009530 // NVD: CVE-2020-0559

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-582

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-582

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009530

PATCH

title:	INTEL-SA-00355	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00355.html	Trust: 0.8
title:	Intel PROSet/Wireless WiFi Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126448	Trust: 0.6

sources: JVNDB: JVNDB-2020-009530 // CNNVD: CNNVD-202008-582

EXTERNAL IDS

db:	NVD	id:	CVE-2020-0559	Trust: 2.5
db:	JVN	id:	JVNVU99606488	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-009530	Trust: 0.8
db:	CNNVD	id:	CNNVD-202008-582	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3988	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2771	Trust: 0.6
db:	LENOVO	id:	LEN-36230	Trust: 0.6
db:	VULHUB	id:	VHN-161993	Trust: 0.1

sources: VULHUB: VHN-161993 // JVNDB: JVNDB-2020-009530 // CNNVD: CNNVD-202008-582 // NVD: CVE-2020-0559

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00360.html	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00355.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0559	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0559	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99606488/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.3988/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2771/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-36230	Trust: 0.6

sources: VULHUB: VHN-161993 // JVNDB: JVNDB-2020-009530 // CNNVD: CNNVD-202008-582 // NVD: CVE-2020-0559

CREDITS

Marius Gabriel Mihai

Trust: 0.6

sources: CNNVD: CNNVD-202008-582

SOURCES

db:	VULHUB	id:	VHN-161993
db:	JVNDB	id:	JVNDB-2020-009530
db:	CNNVD	id:	CNNVD-202008-582
db:	NVD	id:	CVE-2020-0559

LAST UPDATE DATE

2024-11-23T21:35:21.172000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-161993	date:	2022-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-009530	date:	2020-11-10T08:48:42
db:	CNNVD	id:	CNNVD-202008-582	date:	2022-04-29T00:00:00
db:	NVD	id:	CVE-2020-0559	date:	2024-11-21T04:53:45.603

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-161993	date:	2020-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-009530	date:	2020-11-10T08:48:42
db:	CNNVD	id:	CNNVD-202008-582	date:	2020-08-11T00:00:00
db:	NVD	id:	CVE-2020-0559	date:	2020-08-13T04:15:12.913