CVE-2021-0167

Vulnerability

An improper access control vulnerability exists in the software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi on Windows 10 and 11. This affects all driver versions prior to the fixed releases specified in the Intel advisory [1]. The issue lies in insufficiently enforced access restrictions in the driver's handling of certain IOCTLs, allowing a privileged user to access resources that should be protected.

Exploitation

Exploitation requires local access and a user account with existing privileges on the system (e.g., a standard user or a service account). The attacker must be able to execute code on the target machine and send specially crafted I/O control codes to the vulnerable driver. No network access or user interaction beyond normal system use is needed for the initial compromise; the privilege escalation step is performed entirely from the local context [1].

Impact

Successful exploitation allows the attacker to escalate their privileges, potentially gaining SYSTEM or kernel-level access. This could lead to full compromise of the confidentiality, integrity, and availability of the affected system, including the ability to install programs, view, change, or delete data, and create new accounts with full user rights [1].

Mitigation

Users should update the Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi software to the versions specified in Intel-SA-00539 [1], which contain the fix. Users can obtain the updated software via Intel's Driver & Support Assistant (Intel DSA) or from their device manufacturer. No workaround is provided for unpatched versions. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.