CVE-2022-36377 - Intel NUC Kit Wireless Adapter Driver Vulnerability: Incorrect Default Permissions and Escalation of Privilege

A new vulnerability has been discovered in the Intel NUC Kit Wireless Adapter drivers for Windows 10 with the Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-36377. This vulnerability is due to incorrect default permissions applied by the installer software on certain Intel NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40. It allows an authenticated user with local access to potentially enable an escalation of privilege, which opens up doors for additional exploits and cyber-attacks.

Original References

You can find the original advisory for this vulnerability on the Intel security website at the following link:

- Intel Security Advisory

Affected Products

The vulnerability affects Intel NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40. Specific NUC models impacted include:

Exploit Details

This vulnerability occurs due to the improper handling of default permissions by the installer software in the affected versions of Intel NUC Kit Wireless Adapter drivers. An authenticated user with local access to the system may be able to exploit this weakness in default permissions to escalate their privileges levels and perform unauthorized actions on the system.

To demonstrate the vulnerability, let's consider the following code snippet

#include <iostream>
#include <Windows.h>

int main()
{
  // Open vulnerable driver with incorrect default permissions
  HANDLE hDevice = CreateFile(L"\\\\.\\VulnerableDriver",
                              GENERIC_READ | GENERIC_WRITE,
                              FILE_SHARE_READ | FILE_SHARE_WRITE,
                              NULL,
                              OPEN_EXISTING,
                              ,
                              NULL);
  if (hDevice != INVALID_HANDLE_VALUE)
  {
    // Perform actions with the escalated privileges
    std::cout << "Exploit successful. Default permissions allow for privilege escalation." << std::endl;

    // Close the handle
    CloseHandle(hDevice);
  }
  else
  {
    std::cout << "Unable to open driver." << std::endl;
  }
  
  return ;
}

By leveraging incorrect default permissions, this exploit allows a seemingly benign action to be performed on the machine with escalated privileges, potentially leading to further unauthorized actions.

Recommendations

Intel has already released an updated version of the drivers to mitigate this vulnerability (version 22.40). Users are recommended to update their Intel NUC Kit Wireless Adapter drivers to the latest version to ensure they are protected from this issue. Visit the Intel website to download and install the updated drivers:

- Intel Driver Update

If you are unable to update the drivers immediately, it is advised to limit local system access and monitor system activity for any suspicious behavior.

Conclusion

The CVE-2022-36377 vulnerability is a reminder that even default settings and permissions applied by reputable vendors like Intel can be flawed, leading to potential security risks. Always stay up to date with security advisories and apply patches as soon as they are available to minimize the attack surface and protect your system from various cyber threats.

Timeline

Published on: 11/11/2022 16:15:00 UTC
Last modified on: 11/16/2022 16:27:00 UTC