-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0146
         Intel fixes privilege escalation vulnerability in PROSet
                                17 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel PROSet/Wireless WiFi Software
Operating System:     Windows
Impact/Access:        Increased Privileges -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-3701  
Member content until: Sunday, June 16 2019

OVERVIEW

        Intel has discovered a vulnerability in the following product:
        Intel PROSet/Wireless WiFi Software
        
        Affecting version 20.100 and earlier. [1]


IMPACT

        Intel has provided the following information:
        
        "CVEID: CVE-2018-3701
        
        Description: Improper directory permissions in the installer for Intel
        PROSet/Wireless WiFi Software version 20.100 and earlier may allow an
        authenticated user to potentially enable escalation of privilege via local
        access.
        
        CVSS Base Score: 6.5 Medium" [1]


MITIGATION

        Intel advises updating to version 21.0 or later. [1][2]


REFERENCES

        [1] Intel PROSet/Wireless WiFi Software Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html

        [2] Download Intel PROSet/Wireless Software and Wi-Fi Drivers
            https://www.intel.com/content/www/us/en/support/articles/000005634/network-and-i-o/wireless-networking.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXN5ApmaOgq3Tt24GAQiN7RAAh6yI1PqmmslTL1vDXfzJm/r+Ey0vaJd6
YUnS5/966ViZgqocrpi1ClbqFY08VIYtT+VOQycEouKOI9g3XdihJQnuMkwUPTLk
LYc4jJ09wgR0X4rh4oK+j5KYhbVvZYU2q0h8ZQADdMfbHEKB2EAIdWdM0suqKQZx
t6OhEHiD5lVJIGiAD956WkbTx9nJV1i8DP0RIr9kBlzxN+7vH0L6hXcWhbTK+CQe
0aKflH+i9DGDqWgsYsttLLpBFvQHr1nIFujW+A59xglyRhfft2s49MbDAIj5RCEd
FPJCu1HDX5Zo2N6raN0G8WGrQywyGFDTZ6JpR+8/ZsIBXgrY2ifMnoMClLQ8qXdr
0MGte9ykNR3zGfESMvXSjCpP+YAN9DVNr1gBjtJHz/zRezZe2Av9+khAh9btOZpV
ofZyJeMSyRLIYPn0u+1gFn0G+jTc4lC2lldZY5t67P8Q3HICquAbq8RXeQ4xBjZw
YNKHhI+jf2HHinGzV0Evqt1OIS8wwt1CUkPWp4Tvhv+SxmBAbINTmBgn9RnYJGr5
49/L/BB8fU55JD5Iejo6P+SuiVrYPrx0WtW/EXOZ0kp4yutxaEGbqOf+e2KuydNt
EGmcW2TaCPSp7+QCAtD0CHm24vSNGR9WgCXy7ccnUoamnxNieQaeNIOz5cRG8ixm
uBU9ex9uYgM=
=Ib3w
-----END PGP SIGNATURE-----