7.8

CVE-2015-2291

Warnung

(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IntelEthernet Diagnostics Driver Iqvw32.Sys Version1.03.0.7
   MicrosoftWindows Version-
IntelEthernet Diagnostics Driver Iqvw64.Sys Version1.03.0.7
   MicrosoftWindows Version-

10.02.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability

Schwachstelle

Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.4% 0.844
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/79623
Third Party Advisory
Broken Link
VDB Entry
https://www.exploit-db.com/exploits/36392/
Third Party Advisory
VDB Entry