CVE-2020-12321 - Vulnerability Details

Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00285.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Dual Band Wireless-ac 3165 Dual Band Wireless-ac 3165 Firmware Dual Band Wireless-ac 3168 Dual Band Wireless-ac 3168 Firmware Dual Band Wireless-ac 8260 Dual Band Wireless-ac 8260 Firmware Dual Band Wireless-ac 8265 Dual Band Wireless-ac 8265 Firmware Wi-fi 6 Ax200 Wi-fi 6 Ax200 Firmware Wi-fi 6 Ax201 Wi-fi 6 Ax201 Firmware Wireless-ac 9260 Wireless-ac 9260 Firmware Wireless-ac 9461 Wireless-ac 9461 Firmware Wireless-ac 9462 Wireless-ac 9462 Firmware Wireless-ac 9560 Wireless-ac 9560 Firmware Wireless 7265 \(rev D\) Wireless 7265 \(rev D\) Firmware
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

Configuration 1 [-]

AND

cpe:2.3:o:intel:dual_band_wireless-ac_3168_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_3168:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:dual_band_wireless-ac_8260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_8260:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:dual_band_wireless-ac_8265_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_8265:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:wi-fi_6_ax200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wi-fi_6_ax200:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:wi-fi_6_ax201_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:intel:wireless-ac_9260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless-ac_9260:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:intel:wireless-ac_9461_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless-ac_9461:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:intel:wireless-ac_9462_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless-ac_9462:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:intel:wireless-ac_9560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless-ac_9560:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:intel:wireless_7265_\(rev_d\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless_7265_\(rev_d\):-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:intel:dual_band_wireless-ac_3165_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_3165:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
linux-firmware-0:20200421-80.git78c0348.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:0339	2021-02-02T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
linux-firmware-0:20190429-73.gitddde598.el7_7	cpe:/o:redhat:rhel_aus:7.7	RHSA-2022:7887	2022-11-09T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
linux-firmware-0:20190429-73.gitddde598.el7_7	cpe:/o:redhat:rhel_tus:7.7	RHSA-2022:7887	2022-11-09T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
linux-firmware-0:20190429-73.gitddde598.el7_7	cpe:/o:redhat:rhel_e4s:7.7	RHSA-2022:7887	2022-11-09T00:00:00Z
Red Hat Enterprise Linux 8
linux-firmware-0:20200619-101.git3890db36.el8_3	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:5479	2020-12-15T00:00:00Z
Red Hat Enterprise Linux 8.1 Extended Update Support
linux-firmware-0:20190516-96.git711d3297.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2021:0183	2021-01-19T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
linux-firmware-0:20191202-99.gite8a0f4c9.el8_2	cpe:/o:redhat:rhel_eus:8.2	RHSA-2020:5416	2020-12-15T00:00:00Z

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2020-12321
https://www.cve.org/CVERecord?id=CVE-2020-12321
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2020-11-12T18:12:10

Updated: 2024-08-04T11:56:51.329Z

Reserved: 2020-04-28T00:00:00

Link: CVE-2020-12321

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-11-12T18:15:14.533

Modified: 2024-11-21T04:59:30.700

Link: CVE-2020-12321

Redhat

Severity : Important

Publid Date: 2020-11-10T13:55:00Z

Links: CVE-2020-12321 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object