Vulnerability Details : CVE-2021-23188
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access.
Vulnerability category: Information leak
Products affected by CVE-2021-23188
- cpe:2.3:o:intel:wi-fi_6_ax201_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:wi-fi_6_ax200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:wireless-ac_9560_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:wireless-ac_9462_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:wireless-ac_9461_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:wireless-ac_9260_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:dual_band_wireless-ac_8265_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:dual_band_wireless-ac_8260_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:dual_band_wireless-ac_3168_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:dual_band_wireless-ac_3165_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:wireless_7265_\(rev_d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:proset_wi-fi_6e_ax210_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:killer_ac_1550_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:killer_wi-fi_6_ax1650_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:killer_wi-fi_6e_ax1675_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:killer_wi-fi_6e_ax1690_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:wi-fi_6e_ax211_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:wi-fi_6e_ax411_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-23188
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 11 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-23188
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
1.8
|
1.4
|
NIST |
CWE ids for CVE-2021-23188
-
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-23188
-
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
INTEL-SA-00621Patch;Vendor Advisory
Jump to