CVE-2021-0066

Q: What is the severity of CVE-2021-0066?

CVE-2021-0066 has a CVSS score of 8.4 (HIGH). This vulnerability allows an unauthenticated attacker with local access to a system to escalate privileges by exploiting improper input validation in Intel Wi-Fi firmware. It affects systems with Intel PROSet/Wireless Wi-Fi firmware across multiple operating systems and Killer Wi-Fi in Windows 10 and 11. Attackers could gain elevated system privileges without authentication.

8.4 HIGH

📋 TL;DR

This vulnerability allows an unauthenticated attacker with local access to a system to escalate privileges by exploiting improper input validation in Intel Wi-Fi firmware. It affects systems with Intel PROSet/Wireless Wi-Fi firmware across multiple operating systems and Killer Wi-Fi in Windows 10 and 11. Attackers could gain elevated system privileges without authentication.

💻 Affected Systems

Products:

Intel PROSet/Wireless Wi-Fi firmware
Killer Wi-Fi

Versions: Multiple versions prior to fixes released in 2021

Operating Systems: Windows 10, Windows 11, Multiple Linux distributions, Multiple operating systems with Intel Wi-Fi

Default Config Vulnerable: ⚠️ Yes

Notes: Systems with Intel Wi-Fi adapters using vulnerable firmware versions are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with administrative privileges, enabling installation of persistent malware, data theft, and lateral movement within the network.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security controls, install additional tools, and access sensitive system resources.

🟢

If Mitigated

Limited impact with proper network segmentation and endpoint protection, though local privilege escalation remains possible.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires local access to the system but no authentication. Exploitation involves firmware-level manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Intel driver versions 22.40.0 and later for Windows, various firmware updates for other platforms

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html

Restart Required: Yes

Instructions:

1. Download latest Intel Wi-Fi driver from Intel website or Windows Update. 2. Install the driver update. 3. Restart the system. 4. For Killer Wi-Fi, ensure latest drivers from Intel or OEM are installed.

🔧 Temporary Workarounds

Disable vulnerable Wi-Fi adapter

windows

Temporarily disable the affected Wi-Fi adapter to prevent exploitation

netsh interface set interface "Wi-Fi" admin=disable

Use wired network only

all

Disable Wi-Fi functionality and use wired Ethernet connections

🧯 If You Can't Patch

Implement strict network segmentation to limit lateral movement
Deploy endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Intel Wi-Fi driver version in Device Manager (Windows) or using 'lspci -v' and firmware version checks (Linux). Compare against patched versions.

Check Version:

Windows: Get-WmiObject Win32_PnPSignedDriver | Where-Object {$_.DeviceName -like "*Wi-Fi*"} | Select-Object DeviceName, DriverVersion

Verify Fix Applied:

Verify driver version is 22.40.0 or later for Windows, or check firmware version against Intel's patched versions for other platforms.

📡 Detection & Monitoring

Log Indicators:

Unexpected privilege escalation events
Wi-Fi driver/firmware modification attempts
Suspicious local system access patterns

Network Indicators:

Unusual local network traffic from previously low-privileged accounts

SIEM Query:

EventID=4688 AND (ProcessName LIKE "%wlan%" OR ProcessName LIKE "%wifi%") AND NewProcessName LIKE "%cmd%" OR NewProcessName LIKE "%powershell%")

📊 Metadata

CVE ID: CVE-2021-0066

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: February 9, 2022

Last Updated: May 5, 2025

🔗 References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html Patch,Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Amt Ac 8260 Firmware by Intel

Amt Ac 8265 Firmware by Intel

Amt Ac 9260 Firmware by Intel

Amt Ac 9560 Firmware by Intel

Amt Wi Fi 6 Ax200 Firmware by Intel

Amt Wi Fi 6 Ax200 Firmware by Intel

Amt Wi Fi 6 Ax200 Firmware by Intel

Amt Wi Fi 6 Ax201 Firmware by Intel

Amt Wi Fi 6 Ax201 Firmware by Intel

Amt Wi Fi 6 Ax210 Firmware by Intel

Killer Ac 1550 Firmware by Intel

Killer Wi Fi 6 Ax1650 Firmware by Intel

Killer Wi Fi 6e Ax1675 Firmware by Intel

Proset Ac 3165 Firmware by Intel

Proset Ac 3168 Firmware by Intel

Proset Ac 8260 Firmware by Intel

Proset Ac 8265 Firmware by Intel

Proset Ac 9260 Firmware by Intel

Proset Ac 9461 Firmware by Intel

Proset Ac 9462 Firmware by Intel

Proset Ac 9560 Firmware by Intel

Proset Wi Fi 6 Ax200 Firmware by Intel

Proset Wi Fi 6 Ax201 Firmware by Intel

Proset Wi Fi 6e Ax210 Firmware by Intel

Proset Wireless 7265 \(rev D\) Firmware by Intel

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable vulnerable Wi-Fi adapter

Use wired network only

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities