CVE-2020-0558 Overview
CVE-2020-0558 is a medium-severity vulnerability affecting Intel PROSet/Wireless WiFi products on Windows 10. Improper buffer restrictions in the kernel mode driver allow an unprivileged user on an adjacent network to trigger a denial of service condition. The flaw impacts a wide range of Intel wireless adapters, including Wi-Fi 6 AX200/AX201 and several Wireless-AC families. Intel addressed the issue in PROSet/Wireless WiFi software version 21.70.
Critical Impact
An attacker within wireless range can crash the wireless driver and disrupt host availability without authentication or user interaction.
Affected Products
- Intel PROSet/Wireless WiFi software versions prior to 21.70 on Windows 10
- Intel Wi-Fi 6 AX200 and AX201 wireless adapters
- Intel Wireless-AC 9260, 9461, 9462, 9560 and Dual Band Wireless-AC 8260, 8265, 3165, 3168, 7265 (Rev D)
Discovery Timeline
- 2020-04-15 - CVE-2020-0558 published to the National Vulnerability Database
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2020-0558
Vulnerability Analysis
The vulnerability resides in the kernel mode driver shipped with Intel PROSet/Wireless WiFi software for Windows 10. The driver fails to enforce proper buffer restrictions when processing data received over the wireless interface. An attacker on an adjacent network can supply crafted frames that exceed expected buffer boundaries handled by the driver.
Because the affected code runs in kernel space, improperly bounded memory operations cause the driver to enter an unrecoverable state. The result is a denial of service condition affecting the wireless stack or the host operating system. The CWE classification is recorded by NVD as NVD-CWE-noinfo, reflecting limited public detail from the vendor advisory.
Root Cause
The root cause is improper buffer restrictions within the kernel mode wireless driver. The driver does not adequately validate the size or boundaries of data structures it processes from over-the-air input. This category of flaw aligns with driver vulnerabilities where missing length checks lead to memory corruption or fatal driver faults.
Attack Vector
Exploitation requires adjacent network access, meaning the attacker must be within wireless radio range of a vulnerable host. No authentication or user interaction is required. The attack does not yield code execution or data disclosure based on the published impact; confidentiality and integrity are unaffected, while availability is high impact. Successful exploitation typically results in a driver crash, system bug check, or loss of wireless connectivity.
No public proof-of-concept code or exploit module is currently available for CVE-2020-0558, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
Detection Methods for CVE-2020-0558
Indicators of Compromise
- Unexpected Windows bug checks or blue screen events referencing Intel wireless driver modules such as Netwtw0*.sys or related Netwbw*.sys binaries
- Repeated Wi-Fi adapter disconnects, reset events, or driver restarts in Windows Event Log around the time of suspicious wireless activity
- Anomalous 802.11 management or data frames observed in wireless captures from hosts within radio range
Detection Strategies
- Inventory endpoints running Intel PROSet/Wireless WiFi software and compare installed versions against the fixed release of 21.70 or later
- Monitor Windows kernel crash dumps and Reliability Monitor for repeated wireless driver faults on systems with affected adapters
- Correlate wireless adapter reset events with proximity-based threat activity using endpoint telemetry
Monitoring Recommendations
- Forward Windows System and Application event logs, along with WHEA-Logger and Kernel-Power events, to a centralized logging platform for review
- Track driver version and adapter model fields across the fleet to detect unpatched hosts
- Alert on patterns of repeated wireless disconnects affecting multiple hosts in the same physical location
How to Mitigate CVE-2020-0558
Immediate Actions Required
- Update Intel PROSet/Wireless WiFi software to version 21.70 or later on all Windows 10 systems with affected adapters
- Identify and prioritize laptops and mobile endpoints that operate in untrusted wireless environments
- Validate patch deployment by confirming the installed driver version after reboot
Patch Information
Intel released fixed software in PROSet/Wireless WiFi version 21.70. Refer to the Intel Security Advisory SA-00338 for vendor-supplied download links and detailed version guidance for each adapter model.
Workarounds
- Disable the wireless adapter on systems that cannot be patched immediately, especially in high-risk environments
- Restrict use of vulnerable hosts to wired connections or trusted wireless networks until the driver is updated
- Limit physical proximity exposure by avoiding untrusted public Wi-Fi locations on unpatched devices
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
