Posted inCardiagtech

Intel® PROSet/Wireless WiFi and Bluetooth® Security Vulnerabilities: Update to Version 23.20

No Comments

In today’s interconnected world, ensuring the security of your wireless connections is paramount. As a leading content creator at keyfobprog.com and an automotive repair expert, I understand the importance of reliable and secure systems, whether it’s your car’s key fob or your computer’s Wi-Fi. Recently, Intel has identified potential security vulnerabilities in some of their Intel® PROSet/Wireless WiFi and Bluetooth® products. This article breaks down these vulnerabilities and guides you through the necessary updates to protect your systems, with a focus on addressing concerns related to potential system errors, perhaps even something that could be mistakenly associated with a code like 01039.

Understanding the Vulnerabilities

Intel has released firmware and software updates to address several potential denial-of-service vulnerabilities. These vulnerabilities, if exploited, could prevent your Wi-Fi or Bluetooth devices from functioning correctly, essentially denying you service. Let’s delve into the specifics of each CVE (Common Vulnerabilities and Exposures) ID:

CVE-2023-38654: Improper Input Validation in WiFi Software (High Severity)

  • Description: This high-severity vulnerability affects Intel® PROSet/Wireless WiFi software for Windows versions before 23.20. It stems from improper input validation, meaning the software isn’t correctly checking the data it receives.
  • Threat: An unauthenticated user, someone nearby on the same network (adjacent access), could exploit this to cause a denial of service.
  • CVSS Score: 8.2 High
  • CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

CVE-2023-47859: Improper Access Control in Bluetooth Products (Medium Severity)

  • Description: This medium-severity vulnerability is found in Intel® Wireless Bluetooth products for Windows before version 23.20. It’s due to improper access control.
  • Threat: An authenticated local user (someone with access to your machine) could potentially trigger a denial of service.
  • CVSS Score: 5.5 Medium
  • CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2023-47210: Improper Input Validation in WiFi Software for Linux (Medium Severity)

  • Description: Similar to CVE-2023-38654, this medium-severity vulnerability involves improper input validation, but this time in Intel® PROSet/Wireless WiFi software for Linux versions before 23.20.
  • Threat: An unauthenticated user with adjacent network access could cause a denial of service.
  • CVSS Score: 4.7 Medium
  • CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CVE-2023-45845: Improper Conditions Check in Bluetooth Products (Medium Severity)

  • Description: This medium-severity vulnerability in Intel® Wireless Bluetooth® products for Windows before version 23.20 is caused by an improper conditions check in the software.
  • Threat: A privileged local user (administrator) could potentially trigger a denial of service.
  • CVSS Score: 4.4 Medium
  • CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2023-38417: Improper Input Validation in WiFi Software (Medium Severity)

  • Description: Another medium-severity vulnerability related to improper input validation, affecting some Intel® PROSet/Wireless WiFi software versions before 23.20.
  • Threat: An unauthenticated user with adjacent access could potentially cause a denial of service.
  • CVSS Score: 4.3 Medium
  • CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2023-40536: Race Condition in WiFi Software (Medium Severity)

  • Description: This medium-severity vulnerability is due to a race condition in some Intel® PROSet/Wireless WiFi software for Windows before version 23.20. A race condition occurs when the system’s behavior depends on the sequence or timing of uncontrollable events.
  • Threat: An unauthenticated user with adjacent access could potentially trigger a denial of service.
  • CVSS Score: 4.3 Medium
  • CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Affected Products

These vulnerabilities affect a range of Intel® PROSet/Wireless Wi-Fi and Wireless Bluetooth® products. It’s crucial to check if your hardware is on the list.

Intel® PROSet/Wireless Wi-Fi Affected Products:

For CVE-2023-38654 & CVE-2023-40536:

  • Intel® Wi-Fi 6 AX200
  • Intel® Wi-Fi 6 AX201
  • Intel® Wi-Fi 6E AX210
  • Intel® Wi-Fi 6E AX211
  • Intel® Wi-Fi 6E AX411
  • Intel® Killer™ Wi-Fi 6 AX1650
  • Intel® Killer™ Wi-Fi 6E AX1675
  • Intel® Killer™ Wi-Fi 6E AX1690
  • Intel® Wi-Fi 7 BE200
  • Intel® Wi-Fi 7 BE202

These are affected on Windows 10 & 11.

For CVE-2023-38417:

  • Intel® Wi-Fi 6 AX200
  • Intel® Wi-Fi 6 AX201
  • Intel® Wi-Fi 6E AX210
  • Intel® Wi-Fi 6E AX211
  • Intel® Wi-Fi 6E AX411
  • Intel® Wireless-AC 9260
  • Intel® Wireless-AC 9560
  • Intel® Killer™ Wi-Fi 6 AX1650
  • Intel® Killer™ Wi-Fi 6E AX1675
  • Intel® Killer™ Wi-Fi 6E AX1690
  • Intel® Wi-Fi 7 BE200
  • Intel® Wi-Fi 7 BE202

These are affected on Windows 10 & 11, Linux, and Chrome OS.

For CVE-2023-47210:

  • Intel® Wireless-AC 9260
  • Intel® Wireless-AC 9560
  • Intel® Killer™ Wi-Fi 6 AX1650
  • Intel® Wi-Fi 6 AX200
  • Intel® Wi-Fi 6 AX201
  • Intel® Wi-Fi 7 BE200
  • Intel® Wi-Fi 7 BE202

These are affected on Linux and Chrome OS.

Intel® Wireless Bluetooth® Affected Products:

For CVE-2023-47859 & CVE-2023-45845:

  • Intel® Wi-Fi 6 AX411
  • Intel® Wi-Fi 6 AX211
  • Intel® Wi-Fi 6 AX210
  • Intel® Wi-Fi 6 AX201
  • Intel® Wi-Fi 6 AX200
  • Intel® Wireless-AC 9560
  • Intel® Wireless-AC 9462
  • Intel® Wireless-AC 9461
  • Intel® Wireless-AC 9260
  • Intel® Dual Band Wireless-AC 3168
  • Intel® Wireless 7265 (Rev D) Family
  • Intel® Dual Band Wireless-AC 3165
  • Intel® Wi-Fi 7 BE200
  • Intel® Wi-Fi 7 BE202

These are affected on Windows 10 & 11.

Alt text: A close up view of an Intel Wi-Fi 6 AX200 module board showcasing the integrated wireless technology.

Recommendation: Update Your Drivers to Version 23.20 or Later

Intel strongly recommends updating your Intel® PROSet/Wireless Wi-Fi software and Intel® Wireless Bluetooth® drivers to version 23.20 or later to mitigate these vulnerabilities. This update is crucial for maintaining the security and stability of your wireless connections. Think of it like getting your car serviced – regular updates keep everything running smoothly and prevent unexpected issues, perhaps even resolving underlying system behaviors that might lead to error codes mistakenly reported as 01039.

How to Update:

For Windows OS:

  1. Download the latest drivers:

    • .exe installer (for end users): Windows 10 and Windows 11 Wi-Fi Drivers for Intel Wireless Adapters
    • IT admin package (for system administrators): Intel PROSet/Wireless Software and Drivers for IT Admins
    • Bluetooth Drivers: Intel Wireless Bluetooth for Windows 10 and Windows 11

  2. Run the installer: Once downloaded, run the .exe installer file and follow the on-screen instructions to update your drivers. For IT admin packages, refer to Intel’s documentation for deployment instructions.

Alt text: Step by step process of Intel driver update installation, showing download, agreement, installation and system restart screens for a typical user experience.

For Chrome OS and Linux OS:

Consult your operating system’s regular open-source channels and update mechanisms to obtain the latest updates. These updates will include the necessary fixes for these vulnerabilities. Typically, this involves using your distribution’s package manager or update center.

Acknowledgements

Intel acknowledges the following individuals and organizations for their contributions to identifying and reporting these vulnerabilities:

  • sim0nsecurity: For reporting CVE-2023-47859.
  • Intel Internal Researchers: Metrik Igor, AmitX Melech, Emmanuel Grumbach, Aviv Levintal, Ben Peretz, and Kaplan Guy for discovering CVE-2023-38654, CVE-2023-38417, CVE-2023-47210, CVE-2023-40536, and CVE-2023-45845.

Intel’s commitment to Coordinated Disclosure ensures that vulnerabilities are addressed and mitigated before public disclosure, protecting users worldwide.

Stay Secure and Updated

Keeping your software and drivers up to date is a fundamental aspect of cybersecurity. Just as you’d maintain your vehicle to ensure its safety and performance, updating your Intel® PROSet/Wireless WiFi and Bluetooth® drivers to version 23.20 or later is essential to protect your systems from potential denial-of-service attacks and maintain a secure and reliable wireless experience. Take action today and update your systems!

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *