CVE-2022-28667 : Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before versi

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Published 2022-11-11 16:15:14

Updated 2025-01-29 21:15:14

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-28667

Intel » Wireless-ac 9560 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:wireless-ac_9560_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Wireless-ac 9560 » Version: N/A
Intel » Wireless-ac 9462 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:wireless-ac_9462_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Wireless-ac 9462 » Version: N/A
Intel » Wireless-ac 9461 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:wireless-ac_9461_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Wireless-ac 9461 » Version: N/A
Intel » Wireless-ac 9260 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:wireless-ac_9260_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Wireless-ac 9260 » Version: N/A
Intel » Dual Band Wireless-ac 8265 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:dual_band_wireless-ac_8265_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Dual Band Wireless-ac 8265 » Version: N/A
Intel » Dual Band Wireless-ac 8260 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:dual_band_wireless-ac_8260_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Dual Band Wireless-ac 8260 » Version: N/A
Intel » Dual Band Wireless-ac 3168 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:dual_band_wireless-ac_3168_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Dual Band Wireless-ac 3168 » Version: N/A
Intel » Dual Band Wireless-ac 3165 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:dual_band_wireless-ac_3165_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Dual Band Wireless-ac 3165 » Version: N/A
Intel » Wireless 7265 (rev D) Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:wireless_7265_\(rev_d\)_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Wireless 7265 (rev D) » Version: N/A
Intel » Wi-fi 6e Ax211 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:wi-fi_6e_ax211_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Wi-fi 6e Ax211 » Version: N/A
Intel » Wi-fi 6e Ax411 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:wi-fi_6e_ax411_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Wi-fi 6e Ax411 » Version: N/A
Intel » Wi-fi 6e Ax210 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:wi-fi_6e_ax210_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Wi-fi 6e Ax210 » Version: N/A
Intel » Wi-fi 6e Ax201 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:wi-fi_6e_ax201_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Wi-fi 6e Ax201 » Version: N/A
Intel » Wi-fi 6e Ax200 Firmware
Versions before (<) 22.140
cpe:2.3:o:intel:wi-fi_6e_ax200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Wi-fi 6e Ax200 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-28667

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 25 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-28667

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	Intel Corporation
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-28667

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2022-28667

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00687.html

INTEL-SA-00687
Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-28667

Products affected by CVE-2022-28667

Exploit prediction scoring system (EPSS) score for CVE-2022-28667

CVSS scores for CVE-2022-28667

CWE ids for CVE-2022-28667

References for CVE-2022-28667