CVE-2020-12321: Intel Wireless Bluetooth products Escalation of Privilege Vulnerability Alert

On November 10, 2020, Intel officially released a risk notice for the Intel Wireless Bluetooth products privilege escalation vulnerability. The vulnerability number is CVE-2020-12321. The vulnerability level is critical, and CVSS Base Score: 9.6.

Vulnerability Detail

Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Affected Product

  • Intel® Wi-Fi 6 AX201
  • Intel® Wi-Fi 6 AX200
  • Intel® Wireless-AC 9560
  • Intel® Wireless-AC 9462
  • Intel® Wireless-AC 9461
  • Intel® Wireless-AC 9260
  • Intel® Dual Band Wireless-AC 8265
  • Intel® Dual Band Wireless-AC 8260
  • Intel® Dual Band Wireless-AC 3168
  • Intel® Wireless 7265 (Rev D) Family
  • Intel® Dual Band Wireless-AC 3165

Solution

In this regard, we recommend that users upgrade Intel® Wireless Bluetooth® products to version 21.110 or later in time.