7.8

CVE-2015-2291

Warning

(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.

Data is provided by the National Vulnerability Database (NVD)
IntelEthernet Diagnostics Driver Iqvw32.Sys Version1.03.0.7
   MicrosoftWindows Version-
IntelEthernet Diagnostics Driver Iqvw64.Sys Version1.03.0.7
   MicrosoftWindows Version-

10.02.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability

Vulnerability

Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.4% 0.844
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/79623
Third Party Advisory
Broken Link
VDB Entry
https://www.exploit-db.com/exploits/36392/
Third Party Advisory
VDB Entry