Login Sign Up

CVE-2022-40964

7.9 HIGH

📋 TL;DR

This vulnerability in Intel PROSet/Wireless WiFi and Killer WiFi software allows a privileged user to escalate privileges via local access due to improper access control. It affects systems running vulnerable versions of these Intel wireless drivers and software. Successful exploitation could allow attackers to gain higher privileges on the local system.

💻 Affected Systems

Products:
  • Intel PROSet/Wireless WiFi software
  • Intel Killer WiFi software
Versions: Multiple versions prior to fixes released in September 2022
Operating Systems: Windows, Linux distributions including Debian, Fedora
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with Intel wireless adapters using vulnerable driver/software versions. The vulnerability is in the software/driver layer, not the hardware itself.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Killer by Intel

View all CVEs affecting Killer →

Proset\/wireless Wifi by Intel

View all CVEs affecting Proset\/wireless Wifi →

Uefi Firmware by Intel

View all CVEs affecting Uefi Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

A local attacker with existing privileges could gain SYSTEM/root-level access, potentially taking full control of the affected system, installing malware, or accessing sensitive data.

🟠

Likely Case

A malicious insider or compromised account with local access could elevate privileges to install persistent backdoors, bypass security controls, or access restricted system resources.

🟢

If Mitigated

With proper access controls and least privilege principles, the impact is limited as attackers would need initial local access and privileges to exploit the vulnerability.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to exploit.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts with local access can exploit this to gain higher privileges on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and existing privileges. No public exploit code has been identified, but the vulnerability is well-documented in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions addressing Intel-SA-00766 (specific version varies by product and OS)

Vendor Advisory: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html

Restart Required: Yes

Instructions:

1. Check Intel advisory for affected products. 2. Update Intel wireless drivers through Windows Update or manufacturer website. 3. For Linux, update packages via distribution repositories. 4. Reboot system after update.

🔧 Temporary Workarounds

Restrict local access

all

Limit local access to systems with vulnerable software to trusted users only

Apply principle of least privilege

all

Ensure users have only necessary privileges to reduce impact if exploited

🧯 If You Can't Patch

  • Disable or remove vulnerable Intel wireless adapters if possible
  • Implement strict access controls and monitoring for systems with vulnerable software

🔍 How to Verify

Check if Vulnerable:

Check Intel wireless driver version against affected versions listed in Intel-SA-00766 advisory

Check Version:

Windows: wmic path win32_pnpentity where "caption like '%Intel%Wireless%'" get caption,driverVersion | Linux: modinfo iwlwifi | grep version

Verify Fix Applied:

Verify driver version has been updated to patched version and check system logs for successful driver installation

📡 Detection & Monitoring

Log Indicators:

  • Driver installation/update events
  • Privilege escalation attempts in security logs
  • Unusual process creation with elevated privileges

Network Indicators:

  • Local privilege escalation typically has no network indicators

SIEM Query:

EventID=4688 AND (ProcessName contains 'cmd.exe' OR ProcessName contains 'powershell.exe') AND NewProcessName contains 'system' OR ParentProcessName contains 'system'

📊 Metadata

CVE ID: CVE-2022-40964
CVSS v3 Score: 7.9 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CWE: CWE-284
Published: August 11, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-40964, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)