Page 4 of 22 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0

Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. Los permisos predeterminados incorrectos en el instalador del software Intel® PROSet / Wireless WiFi para Windows 10 versiones anteriores a 22.40 pueden permitir que un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00509.html • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0

Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. Unos permisos heredados no seguros en el instalador del software Intel(R) PROSet/Wireless WiFi para Windows 10 versiones anteriores a 22.40, pueden permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00509.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 4.3EPSS: 0%CPEs: 50EXPL: 1

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que los fragmentos recibidos se borren de la memoria después de (re)conectarse a una red. En las circunstancias adecuadas, cuando otro dispositivo envía tramas fragmentadas cifradas mediante WEP, CCMP o GCMP, se puede abusar de esto para inyectar paquetes de red arbitrarios y/o exfiltrar datos del usuario A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device. • http://www.openwall.com/lists/oss-security/2021/05/11/12 https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https://www.arista.com/en/support/advisories-notices/security-advisories/12 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •

CVSS: 4.4EPSS: 0%CPEs: 12EXPL: 0

Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access. Una lectura fuera de límites en el controlador de modo kernel para algunos productos Intel® Wireless Bluetooth® en Windows* versión 10, puede permitir a un usuario privilegiado habilitar potencialmente una divulgación de información por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00337.html • CWE-125: Out-of-bounds Read •

CVSS: 7.0EPSS: 0%CPEs: 25EXPL: 0

Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access. Una condición de carrera en el instalador del software para algunos productos Intel® Wireless Bluetooth® en Windows* versiones 7, 8.1 y 10, puede permitir a un usuario poco privilegiado habilitar potencialmente una escalada de privilegios por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00337.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •