← back
CVE-2015-2291

CVE-2015-2291

CVSS 7.8 HIGHEPSS 9.0%● KEVCWE-20
Vexday Risk Score
71High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 9.0%KEV simPoC públicaNuclei Metasploit Patch
Lifecycle
14 Mar 2015Public PoC
09 Aug 2017Published on NVD
10 Feb 2023Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Intel's Windows Ethernet diagnostics driver allows a local attacker to crash the system or run malicious code with the highest system privileges by sending specially crafted commands to the driver.

Technical detail

The IQVW32.sys and IQVW64.sys kernel drivers (versions before 1.3.1.0) fail to properly validate IOCTL input (CWE-20) for commands 0x80862013, 0x8086200B, 0x8086200F, and 0x80862007, enabling local code execution or denial of service with kernel-level privileges.

Summary generated and translated by AI from the official description.
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found7
githubgithub.com/gmh5225/CVE-2015-22915githubgithub.com/Tare05/Intel-CVE-2015-22915githubgithub.com/paysonism/CVE-2015-2291-Spoofer-Analysis2githubgithub.com/ethanedits/iqvw64e-privilege-escalation2exploitdbwww.exploit-db.com/exploits/36392unverifiedcve_referencepacketstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.htmlunverifiedcve_referencewww.exploit-db.com/exploits/36392/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.htmlhttps://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-frhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2291https://www.exploit-db.com/exploits/36392/http://www.securityfocus.com/bid/79623