JVN#75617741: Intel Dual Band Wireless-AC 8260 vulnerable to denial-of-service (DoS)

Overview

Intel Dual Band Wireless-AC 8260 contains a denial-of-service (DoS) vulnerability.

Products Affected

Intel Dual Band Wireless-AC 8260 Windows10 Driver Version 20.50.1.1 and earlier

Description

Intel Dual Band Wireless-AC 8260 contains a denial-of-service (DoS) vulnerability (CWE-400).

Impact

An attacker may be able to cause a denial-of-service (DoS).

Solution

Update the device driver
Apply the appropriate device driver update according to the information provided by the developer.

Vendor Status

Vendor	Link
Intel Corporation	INTEL-SA-00232
	Downloads for Intel® Dual Band Wireless-AC 8260

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score: 4.3

Attack Vector(AV)	Physical (P)	Local (L)	Adjacent (A)	Network (N)
Attack Complexity(AC)	High (H)	Low (L)
Privileges Required(PR)	High (H)	Low (L)	None (N)
User Interaction(UI)	Required (R)	None (N)
Scope(S)	Unchanged (U)	Changed (C)
Confidentiality Impact(C)	None (N)	Low (L)	High (H)
Integrity Impact(I)	None (N)	Low (L)	High (H)
Availability Impact(A)	None (N)	Low (L)	High (H)

CVSS v2 AV:A/AC:L/Au:N/C:N/I:N/A:P

Base Score: 3.3

Access Vector(AV)	Local (L)	Adjacent Network (A)	Network (N)
Access Complexity(AC)	High (H)	Medium (M)	Low (L)
Authentication(Au)	Multiple (M)	Single (S)	None (N)
Confidentiality Impact(C)	None (N)	Partial (P)	Complete (C)
Integrity Impact(I)	None (N)	Partial (P)	Complete (C)
Availability Impact(A)	None (N)	Partial (P)	Complete (C)

Credit

Yusuke Ogawa of Cisco Systems G.K. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2019-0136
JVN iPedia	JVNDB-2019-000046

JVN#75617741 Intel Dual Band Wireless-AC 8260 vulnerable to denial-of-service (DoS)