var-201708-0246
Vulnerability from variot
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. Windows for Intel Ethernet Diagnostic driver IQVW32.sys and IQVW64.sys Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Network Adapter Diagnostic Driver is prone to multiple local buffer-overflow vulnerabilities. An attacker can exploit these issues to crash the affected application; denying service to legitimate users. Due to the nature of this issue, code-execution may be possible but this has not been confirmed. Note: This issue was previously titled 'Intel Network Adapter Diagnostic Driver CVE-2015-2291 Multiple Remote Code Execution Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected. Versions prior to Intel iQVW32.SYS 1.3.1.0, and Intel iQVW64.SYS 1.3.1.0 are vulnerable. Intel Ethernet diagnostics driver for Windows is a Windows-based Ethernet diagnostics driver developed by Intel Corporation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0246",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ethernet diagnostics driver iqvw32.sys",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "1.03.0.7"
},
{
"model": "ethernet diagnostics driver iqvw64.sys",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "1.03.0.7"
},
{
"model": "ethernet diagnostics driver iqvw32.sys",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "1.3.1.0"
},
{
"model": "ethernet diagnostics driver iqvw64.sys",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "1.3.1.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:ethernet_diagnostics_driver_iqvw32.sys:1.03.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:ethernet_diagnostics_driver_iqvw64.sys:1.03.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2291"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Glafkos Charalambous",
"sources": [
{
"db": "BID",
"id": "79623"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
],
"trust": 0.9
},
"cve": "CVE-2015-2291",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-2291",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-80252",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-2291",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2291",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-086",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-80252",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-2291",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. Windows for Intel Ethernet Diagnostic driver IQVW32.sys and IQVW64.sys Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Network Adapter Diagnostic Driver is prone to multiple local buffer-overflow vulnerabilities. \nAn attacker can exploit these issues to crash the affected application; denying service to legitimate users. Due to the nature of this issue, code-execution may be possible but this has not been confirmed. \nNote: This issue was previously titled \u0027Intel Network Adapter Diagnostic Driver CVE-2015-2291 Multiple Remote Code Execution Vulnerabilities\u0027. The title and technical details have been changed to better reflect the underlying component affected. \nVersions prior to Intel iQVW32.SYS 1.3.1.0, and Intel iQVW64.SYS 1.3.1.0 are vulnerable. Intel Ethernet diagnostics driver for Windows is a Windows-based Ethernet diagnostics driver developed by Intel Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "BID",
"id": "79623"
},
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-80252",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=36392",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2291",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "130854",
"trust": 2.6
},
{
"db": "BID",
"id": "79623",
"trust": 2.1
},
{
"db": "EXPLOIT-DB",
"id": "36392",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-80252",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-2291",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"db": "BID",
"id": "79623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"id": "VAR-201708-0246",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:19:25.877000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00051",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00051\u0026languageid=en-fr"
},
{
"title": "Intel-CVE-2015-2291",
"trust": 0.1,
"url": "https://github.com/tare05/intel-cve-2015-2291 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/aaliyah6022/bedriver2 "
},
{
"title": "KDU",
"trust": 0.1,
"url": "https://github.com/hfiref0x/kdu "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/474172261/kdu "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/130854/intel-network-adapter-diagnostic-driver-ioctl-dos.html"
},
{
"trust": 2.0,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00051\u0026languageid=en-fr"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/79623"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/36392/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2291"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2291"
},
{
"trust": 0.3,
"url": "http://www.intel.com/"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00051\u0026amp;languageid=en-fr"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/tare05/intel-cve-2015-2291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"db": "BID",
"id": "79623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"db": "BID",
"id": "79623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-09T00:00:00",
"db": "VULHUB",
"id": "VHN-80252"
},
{
"date": "2017-08-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"date": "2015-03-17T00:00:00",
"db": "BID",
"id": "79623"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"date": "2017-08-09T18:29:00.933000",
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"date": "2015-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-80252"
},
{
"date": "2017-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"date": "2016-07-06T14:21:00",
"db": "BID",
"id": "79623"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"date": "2017-08-24T16:16:25.230000",
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"date": "2017-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "79623"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows for Intel Ethernet Diagnostic driver IQVW32.sys and IQVW64.sys Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.