CVE-2023-38654: 
Intel PROSet/Wireless WiFi Software vulnerability analysis and mitigation

CVE-2023-38654 is a high-severity vulnerability affecting Intel® PROSet/Wireless WiFi software for Windows before version 23.20. The vulnerability was discovered internally by Intel employees and disclosed in May 2024. The affected products include various Intel Wi-Fi models such as Wi-Fi 6 AX200, AX201, Wi-Fi 6E AX210, AX211, AX411, and several Intel Killer™ Wi-Fi models running on Windows 10 & 11 operating systems (Intel Advisory).

The vulnerability stems from improper input validation in Intel® PROSet/Wireless WiFi software for Windows. It has been assigned a CVSS Base Score of 8.2 (High), with a CVSS Vector of CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H. This scoring indicates that the vulnerability can be exploited through adjacent network access, requires low attack complexity, and needs no privileges or user interaction (Intel Advisory).

If exploited, this vulnerability could allow an unauthenticated user to potentially enable denial of service via adjacent access. The impact primarily affects service availability with some potential for integrity compromise, while confidentiality remains unaffected as indicated by the CVSS metrics (Intel Advisory).

Intel recommends that users of affected Intel® PROSet/Wireless Wi-Fi software update to version 23.20 or later. Updates are available through the Windows .exe installer or IT admin package. For Windows 10 and Windows 11 users, the updates can be downloaded from Intel's official download center (Intel Advisory).