CVE-2020-12314 : Improper input validation in some Intel(R) PROSet/Wireless WiFi products before

Improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Published 2020-11-12 18:15:14

Updated 2020-11-20 18:56:15

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Products affected by CVE-2020-12314

Intel » Proset/wireless Wifi
Versions before (<) 21.110
cpe:2.3:a:intel:proset\/wireless_wifi:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Dual Band Wireless-ac 3165 » Version: N/A
When used together with: Intel » Dual Band Wireless-ac 3168 » Version: N/A
When used together with: Intel » Dual Band Wireless-ac 8260 » Version: N/A
When used together with: Intel » Dual Band Wireless-ac 8265 » Version: N/A
When used together with: Intel » Wi-fi 6 Ax200 » Version: N/A
When used together with: Intel » Wi-fi 6 Ax201 » Version: N/A
When used together with: Intel » Wireless-ac 9260 » Version: N/A
When used together with: Intel » Wireless-ac 9461 » Version: N/A
When used together with: Intel » Wireless-ac 9462 » Version: N/A
When used together with: Intel » Wireless-ac 9560 » Version: N/A
When used together with: Intel » Wireless 7265 (rev D) » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-12314

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 23 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-12314

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:A/AC:L/Au:N/C:N/I:N/A:P	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-12314

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-12314

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402

INTEL-SA-00402
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-12314

Products affected by CVE-2020-12314

Exploit prediction scoring system (EPSS) score for CVE-2020-12314

CVSS scores for CVE-2020-12314

CWE ids for CVE-2020-12314

References for CVE-2020-12314