CVE-2020-24458 - OpenCVE

Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service<b> </b>via adjacent access.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:S/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Ac 1550 Ac 9461 Ac 9462 Ac 9560 Ax1650 Ax200 Ax201 Killer Proset\/wireless Wifi

Configuration 1 [-]

AND

cpe:2.3:a:intel:proset\/wireless_wifi:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:ac_9461:-:::::::*
	cpe:2.3:h:intel:ac_9462:-:::::::*
	cpe:2.3:h:intel:ac_9560:-:::::::*
	cpe:2.3:h:intel:ax200:-:::::::*
	cpe:2.3:h:intel:ax201:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:ac_1550:-:::::::*
	cpe:2.3:h:intel:ax1650:-:::::::*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00448.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2021-02-17T13:45:47

Updated: 2024-08-04T15:12:08.979Z

Reserved: 2020-08-19T00:00:00

Link: CVE-2020-24458

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-17T14:15:16.547

Modified: 2021-02-23T14:51:19.953

Link: CVE-2020-24458

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers", "vendor": "n/a", "versions": [{"status": "affected", "version": "before version 22.0"}]}], "descriptions": [{"lang": "en", "value": "Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service<b> </b>via adjacent access."}], "problemTypes": [{"descriptions": [{"description": "information disclosure and denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-17T13:45:47", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00448.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2020-24458", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers", "version": {"version_data": [{"version_value": "before version 22.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service<b> </b>via adjacent access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information disclosure and denial of service"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00448.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00448.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:12:08.979Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00448.html"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-24458", "datePublished": "2021-02-17T13:45:47", "dateReserved": "2020-08-19T00:00:00", "dateUpdated": "2024-08-04T15:12:08.979Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:proset\\/wireless_wifi:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B8EB57D-A52E-4D12-8B1D-B8142B9103A9", "versionEndExcluding": "22.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:ac_9461:-:*:*:*:*:*:*:*", "matchCriteriaId": "A11E55E8-5FA9-4ED7-AB61-03F22EE1759B", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:ac_9462:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E89EB0D-233A-486A-BDAE-F5726432CD7E", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:ac_9560:-:*:*:*:*:*:*:*", "matchCriteriaId": "D382D4A1-C8FD-4B47-B2C4-145232EC8AC5", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:ax200:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9903E2E-A670-40D4-8B9F-D2C0CFDBFC9F", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:ax201:-:*:*:*:*:*:*:*", "matchCriteriaId": "4649D446-130B-4B31-B9ED-BA7F9F7EEB8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*", "matchCriteriaId": "53CA56F3-21D9-4469-B698-4F9C2B662624", "versionEndExcluding": "22.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:ac_1550:-:*:*:*:*:*:*:*", "matchCriteriaId": "12419474-DB56-462D-9116-3614A4BBAF20", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:ax1650:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8B944F7-4A5F-41D0-A910-6F978F66CAA0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service<b> </b>via adjacent access."}, {"lang": "es", "value": "Una limpieza incompleta en algunos controladores Intel\u00ae PROSet/Wireless WiFi and Killer\u2122 versi\u00f3n anterior a 22.0, puede permitir a un usuario privilegiado habilitar potencialmente una divulgaci\u00f3n de informaci\u00f3n y denegaci\u00f3n de servicio (b) (/b) por medio de un acceso adyacente"}], "id": "CVE-2020-24458", "lastModified": "2021-02-23T14:51:19.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-17T14:15:16.547", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00448.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-459"}], "source": "nvd@nist.gov", "type": "Primary"}]}