CVE-2021-0162

Q: What is the severity of CVE-2021-0162?

CVE-2021-0162 has a CVSS score of 8.8 (HIGH). This vulnerability in Intel PROSet/Wireless and Killer Wi-Fi software allows an unauthenticated attacker on the same network to potentially escalate privileges on affected Windows systems. It affects Windows 10 and 11 users with vulnerable Intel Wi-Fi drivers. The attacker must be within wireless range of the target device.

8.8 HIGH

📋 TL;DR

This vulnerability in Intel PROSet/Wireless and Killer Wi-Fi software allows an unauthenticated attacker on the same network to potentially escalate privileges on affected Windows systems. It affects Windows 10 and 11 users with vulnerable Intel Wi-Fi drivers. The attacker must be within wireless range of the target device.

💻 Affected Systems

Products:

Intel PROSet/Wireless Wi-Fi software
Intel Killer Wi-Fi software

Versions: Multiple versions prior to fixes released in 2021

Operating Systems: Windows 10, Windows 11

Default Config Vulnerable: ⚠️ Yes

Notes: Requires vulnerable Intel Wi-Fi adapter drivers. Systems without Intel Wi-Fi hardware are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with administrative privileges, allowing installation of malware, data theft, and persistence on the device.

🟠

Likely Case

Local privilege escalation to SYSTEM or admin level, enabling further attacks on the compromised machine.

🟢

If Mitigated

Limited impact if network segmentation prevents adjacent access or if vulnerable drivers are not present.

🌐 Internet-Facing: LOW - Requires physical proximity or same network segment, not directly exploitable from the internet.

🏢 Internal Only: HIGH - Exploitable from within the same network, making corporate environments particularly vulnerable.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires adjacent network access but no authentication. The CWE-20 (Improper Input Validation) suggests straightforward exploitation once the attack vector is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Intel driver updates released in 2021 (specific versions vary by adapter model)

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html

Restart Required: Yes

Instructions:

1. Visit Intel's driver download page. 2. Identify your Wi-Fi adapter model. 3. Download and install the latest driver. 4. Alternatively, use Windows Update to get driver updates. 5. Restart the system after installation.

🔧 Temporary Workarounds

Disable vulnerable Wi-Fi adapter

windows

Temporarily disable the Intel Wi-Fi adapter to prevent exploitation

netsh interface set interface "Wi-Fi" admin=disable

Use wired connection only

windows

Disable wireless and use Ethernet connection to eliminate attack vector

🧯 If You Can't Patch

Segment wireless networks to limit adjacent access
Implement network monitoring for suspicious Wi-Fi driver activity

🔍 How to Verify

Check if Vulnerable:

Check Intel Wi-Fi driver version in Device Manager > Network adapters > Intel Wi-Fi adapter > Driver tab

Check Version:

wmic path win32_pnpsigneddriver where "devicename like '%intel%wi-fi%'" get devicename, driverversion

Verify Fix Applied:

Verify driver version is updated to post-2021 release and check Windows Update history for Intel driver updates

📡 Detection & Monitoring

Log Indicators:

Unexpected privilege escalation events
Suspicious Wi-Fi driver process activity
Windows Security Event ID 4688 for new high-privilege processes

Network Indicators:

Unusual Wi-Fi management frames from adjacent devices
Suspicious network traffic following Wi-Fi driver interaction

SIEM Query:

EventID=4688 AND (ProcessName="*wlan*" OR ProcessName="*intel*wi-fi*") AND NewProcessName="*cmd*" OR NewProcessName="*powershell*")

📊 Metadata

CVE ID: CVE-2021-0162

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: February 9, 2022

Last Updated: May 5, 2025

🔗 References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Amt Ac 8260 Firmware by Intel

Amt Ac 8265 Firmware by Intel

Amt Ac 9260 Firmware by Intel

Amt Ac 9560 Firmware by Intel

Amt Wi Fi 6 Ax200 Firmware by Intel

Amt Wi Fi 6 Ax200 Firmware by Intel

Amt Wi Fi 6 Ax200 Firmware by Intel

Amt Wi Fi 6 Ax201 Firmware by Intel

Amt Wi Fi 6 Ax201 Firmware by Intel

Amt Wi Fi 6 Ax210 Firmware by Intel

Killer Ac 1550 Firmware by Intel

Killer Wi Fi 6 Ax1650 Firmware by Intel

Killer Wi Fi 6e Ax1675 Firmware by Intel

Proset Ac 3165 Firmware by Intel

Proset Ac 3168 Firmware by Intel

Proset Ac 8260 Firmware by Intel

Proset Ac 8265 Firmware by Intel

Proset Ac 9260 Firmware by Intel

Proset Ac 9461 Firmware by Intel

Proset Ac 9462 Firmware by Intel

Proset Ac 9560 Firmware by Intel

Proset Wi Fi 6 Ax200 Firmware by Intel

Proset Wi Fi 6 Ax201 Firmware by Intel

Proset Wi Fi 6e Ax210 Firmware by Intel

Proset Wireless 7265 \(rev D\) Firmware by Intel

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable vulnerable Wi-Fi adapter

Use wired connection only

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities