CVE-2022-27635

8.2 HIGH

📋 TL;DR

This vulnerability allows a privileged user on a local system to escalate privileges through improper access control in Intel PROSet/Wireless WiFi and Killer WiFi software. It affects systems running vulnerable versions of these Intel wireless drivers and management software. Successful exploitation could give attackers higher system privileges than intended.

💻 Affected Systems

Products:
  • Intel PROSet/Wireless WiFi software
  • Intel Killer WiFi software
Versions: Multiple versions prior to fixes released in 2022-2023
Operating Systems: Windows, Linux distributions including Debian, Fedora
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with Intel wireless adapters using vulnerable driver/software versions. The vulnerability is in the management software component, not the wireless functionality itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A local attacker with initial privileged access could gain SYSTEM/root-level privileges, potentially taking full control of the affected system, installing persistent malware, or accessing sensitive data.

🟠 Likely Case

A malicious insider or compromised account with local access could elevate privileges to install additional malware, bypass security controls, or maintain persistence on the system.

🟢 If Mitigated

With proper privilege separation and least privilege principles, the impact is limited as the vulnerability requires initial privileged access to exploit.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local system access, not directly exploitable over the network.
🏢 Internal Only: HIGH - This poses significant risk in internal environments where attackers could gain initial access through other means and then use this to escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires existing local privileged access. No public exploit code has been identified, but the vulnerability is relatively straightforward for attackers with initial access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by product and OS - check Intel advisory for specific versions

Vendor Advisory: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html

Restart Required: Yes

Instructions:

1. Visit Intel's security advisory page.
2. Identify your specific Intel wireless product.
3. Download and install the updated driver/software package from Intel's website or your OS vendor.
4. Restart the system to complete installation.

🔧 Temporary Workarounds

Remove vulnerable software

Platform: all

Uninstall Intel PROSet/Wireless or Killer WiFi management software if not required

Windows: Control Panel > Programs > Uninstall a program > Select Intel wireless software
Linux: Use package manager to remove intel-wifi packages

Restrict local access

Platform: all

Implement strict access controls to limit who has local privileged access to affected systems

🧯 If You Can't Patch

  • Implement strict least privilege principles to limit initial attack surface
  • Monitor for privilege escalation attempts and unusual process behavior

🔍 How to Verify

Check if Vulnerable:

Check Intel wireless driver version in Device Manager (Windows) or via 'lspci -v' and driver info (Linux). Compare against patched versions in Intel advisory.

Check Version:

Windows: wmic path win32_pnpsigneddriver where "DeviceName like '%Intel%Wireless%'" get DeviceName,DriverVersion
Linux: modinfo iwlwifi | grep version

Verify Fix Applied:

Verify installed Intel wireless driver/software version matches or exceeds patched version listed in Intel advisory SA-00766.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation with elevated privileges
  • Unexpected access to privileged system resources
  • Driver/service modification events

Network Indicators:

  • None - this is a local privilege escalation vulnerability

SIEM Query:

Process creation where parent process is Intel wireless software and child process has elevated privileges
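
The SIEM query above, written out as an added example (not from Intel or the original page) that filters Sysmon Event ID 1 style records. The install directory, the binary names and the sample events are assumptions constructed for illustration.

```python
import json

# Assumption: install directory of the Intel wireless management software.
# Add the Killer WiFi directory used on your fleet; paths are compared lowercase.
VENDOR_DIRS = ("c:\\program files\\intel\\wifi\\",)
ELEVATED = {"High", "System"}  # Sysmon IntegrityLevel values treated as elevated

# Constructed sample events shaped like Sysmon Event ID 1 (process creation).
# example_service.exe and example_helper.exe are hypothetical binary names.
SAMPLE_EVENTS = r"""
{"UtcTime": "2023-08-14 09:12:01", "ParentImage": "C:\\Program Files\\Intel\\WiFi\\bin\\example_service.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "IntegrityLevel": "System"}
{"UtcTime": "2023-08-14 09:12:05", "ParentImage": "C:\\Program Files\\Intel\\WiFi\\bin\\example_service.exe", "Image": "C:\\Program Files\\Intel\\WiFi\\bin\\example_helper.exe", "IntegrityLevel": "System"}
{"UtcTime": "2023-08-14 09:13:40", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "IntegrityLevel": "High"}
{"UtcTime": "2023-08-14 09:15:22", "ParentImage": "C:\\Program Files\\Intel\\WiFi\\bin\\example_service.exe", "Image": "C:\\Windows\\System32\\notepad.exe", "IntegrityLevel": "Medium"}
"""


def load_events(text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def suspicious_children(events, vendor_dirs=VENDOR_DIRS):
    """Return events where vendor software spawned an elevated non-vendor child."""
    hits = []
    for ev in events:
        parent = ev.get("ParentImage", "").lower()
        child = ev.get("Image", "").lower()
        if not parent.startswith(vendor_dirs):
            continue  # parent is not the wireless management software
        if ev.get("IntegrityLevel") not in ELEVATED:
            continue  # child is not running elevated
        if child.startswith(vendor_dirs):
            continue  # vendor binary starting its own helper is expected
        hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in suspicious_children(load_events(SAMPLE_EVENTS)):
        print(ev["UtcTime"], ev["ParentImage"], "->", ev["Image"], ev["IntegrityLevel"])
```

Baseline the rule against normal activity first, since some vendor services legitimately start system utilities during updates.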
