Login Sign Up

CVE-2021-0082

7.8 HIGH

📋 TL;DR

This vulnerability in Intel PROSet/Wireless WiFi software for Windows 10 allows authenticated local users to escalate privileges by exploiting an uncontrolled search path in the installer. Attackers could gain higher system privileges than intended. Only Windows 10 systems with affected Intel WiFi software are vulnerable.

💻 Affected Systems

Products:
  • Intel(R) PROSet/Wireless WiFi Software
Versions: Versions before 22.40.0.7
Operating Systems: Windows 10
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Intel WiFi adapters using PROSet/Wireless software. Integrated Intel WiFi in laptops/desktops is commonly affected.

📦 What is this software?

7265 Firmware by Intel

View all CVEs affecting 7265 Firmware →

Ac 3165 Firmware by Intel

View all CVEs affecting Ac 3165 Firmware →

Ac 3168 Firmware by Intel

View all CVEs affecting Ac 3168 Firmware →

Ac 8260 Firmware by Intel

View all CVEs affecting Ac 8260 Firmware →

Ac 8265 Firmware by Intel

View all CVEs affecting Ac 8265 Firmware →

Ac 9260 Firmware by Intel

View all CVEs affecting Ac 9260 Firmware →

Ac 9461 Firmware by Intel

View all CVEs affecting Ac 9461 Firmware →

Ac 9462 Firmware by Intel

View all CVEs affecting Ac 9462 Firmware →

Ac 9560 Firmware by Intel

View all CVEs affecting Ac 9560 Firmware →

Ac1550 Firmware by Intel

View all CVEs affecting Ac1550 Firmware →

Ax1650 Firmware by Intel

View all CVEs affecting Ax1650 Firmware →

Ax1675 Firmware by Intel

View all CVEs affecting Ax1675 Firmware →

Ax200 Firmware by Intel

View all CVEs affecting Ax200 Firmware →

Ax201 Firmware by Intel

View all CVEs affecting Ax201 Firmware →

Ax210 Firmware by Intel

View all CVEs affecting Ax210 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker gains SYSTEM-level privileges, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement.

🟠

Likely Case

Local authenticated users (including low-privilege accounts) escalate to administrator privileges, allowing installation of malware, configuration changes, and credential harvesting.

🟢

If Mitigated

With proper access controls and patching, impact is limited to failed privilege escalation attempts with audit logging.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.
🏢 Internal Only: HIGH - Any compromised internal account (including standard users) could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local authenticated access. DLL hijacking/search order vulnerability that can be exploited by placing malicious DLL in search path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 22.40.0.7 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00509.html

Restart Required: Yes

Instructions:

1. Download latest Intel PROSet/Wireless WiFi software from Intel website. 2. Run installer as administrator. 3. Follow installation prompts. 4. Restart system when prompted.

🔧 Temporary Workarounds

Remove vulnerable software

windows

Uninstall Intel PROSet/Wireless WiFi software and use Windows native WiFi drivers instead

Control Panel > Programs > Uninstall a program > Select Intel PROSet/Wireless WiFi > Uninstall

Restrict DLL search path

windows

Use Windows policies to restrict DLL search order and prevent DLL hijacking

Set registry key: HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode to 1

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts and monitor for privilege escalation attempts
  • Use application whitelisting to prevent execution of unauthorized DLLs in system directories

🔍 How to Verify

Check if Vulnerable:

Check Intel PROSet/Wireless WiFi software version in Control Panel > Programs and Features. Versions below 22.40.0.7 are vulnerable.

Check Version:

wmic product where "name like 'Intel%%PROSet%%Wireless%%'" get version

Verify Fix Applied:

Verify installed version is 22.40.0.7 or higher in Control Panel > Programs and Features.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs: Security ID 4688 (process creation) showing DLL loading from unusual paths
  • Application logs showing Intel PROSet/Wireless installer activity

Network Indicators:

  • No network indicators - local privilege escalation only

SIEM Query:

EventID=4688 AND (ProcessName="*PROSet*" OR ProcessName="*WiFi*") AND CommandLine contains "DLL"

📊 Metadata

CVE ID: CVE-2021-0082
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-427
Published: November 17, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0082, you might also want to check these:

CVE-2025-4981 9.9

This vulnerability allows authenticated Mattermost users to write files to arbitrary locations on th...

Same vulnerability type (CWE-427)
CVE-2022-24955 9.8

CVE-2022-24955 is a DLL hijacking vulnerability in Foxit PDF software that allows attackers to execu...

Same vulnerability type (CWE-427)
CVE-2023-25143 9.8

This vulnerability in Trend Micro Apex One Server installer allows attackers to execute arbitrary co...

Same vulnerability type (CWE-427)