Severity
Medium
Analysis Summary
CVE-2024-23198 CVSS:6.6
Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
CVE-2024-38660 CVSS:3.8
Intel Processor (SPP) could allow a local authenticated attacker to gain elevated privileges on the system, caused by protection mechanism failure. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.
CVE-2024-36294 CVSS:6.7
Intel Driver Support Assistant could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.
CVE-2024-28049 CVSS:5.7
Intel PROSet/Wireless Software and Killer Wi-Fi wireless products are vulnerable to a denial of service, caused by improper input validation in firmware. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-23198
- CVE-2024-38660
- CVE-2024-36294
- CVE-2024-28049
Affected Vendors
Affected Products
- Intel Processor (SPP)
- Intel Driver Support Assistant
- Intel PROSet/Wireless Software
- Intel Killer Wi-Fi products
- Intel Killer Wi-Fi wireless products
Remediation
Refer to Intel Security Advisory for patch, upgrade, or suggested workaround information.