VAR-201708-0246
Vulnerability from variot - Updated: 2023-12-18 13:19(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. Windows for Intel Ethernet Diagnostic driver IQVW32.sys and IQVW64.sys Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Network Adapter Diagnostic Driver is prone to multiple local buffer-overflow vulnerabilities. An attacker can exploit these issues to crash the affected application; denying service to legitimate users. Due to the nature of this issue, code-execution may be possible but this has not been confirmed. Note: This issue was previously titled 'Intel Network Adapter Diagnostic Driver CVE-2015-2291 Multiple Remote Code Execution Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected. Versions prior to Intel iQVW32.SYS 1.3.1.0, and Intel iQVW64.SYS 1.3.1.0 are vulnerable. Intel Ethernet diagnostics driver for Windows is a Windows-based Ethernet diagnostics driver developed by Intel Corporation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0246",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ethernet diagnostics driver iqvw32.sys",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "1.03.0.7"
},
{
"model": "ethernet diagnostics driver iqvw64.sys",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "1.03.0.7"
},
{
"model": "ethernet diagnostics driver iqvw32.sys",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "1.3.1.0"
},
{
"model": "ethernet diagnostics driver iqvw64.sys",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "1.3.1.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:ethernet_diagnostics_driver_iqvw32.sys:1.03.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:ethernet_diagnostics_driver_iqvw64.sys:1.03.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2291"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Glafkos Charalambous",
"sources": [
{
"db": "BID",
"id": "79623"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
],
"trust": 0.9
},
"cve": "CVE-2015-2291",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-2291",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-80252",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-2291",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2291",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-086",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-80252",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-2291",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. Windows for Intel Ethernet Diagnostic driver IQVW32.sys and IQVW64.sys Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Network Adapter Diagnostic Driver is prone to multiple local buffer-overflow vulnerabilities. \nAn attacker can exploit these issues to crash the affected application; denying service to legitimate users. Due to the nature of this issue, code-execution may be possible but this has not been confirmed. \nNote: This issue was previously titled \u0027Intel Network Adapter Diagnostic Driver CVE-2015-2291 Multiple Remote Code Execution Vulnerabilities\u0027. The title and technical details have been changed to better reflect the underlying component affected. \nVersions prior to Intel iQVW32.SYS 1.3.1.0, and Intel iQVW64.SYS 1.3.1.0 are vulnerable. Intel Ethernet diagnostics driver for Windows is a Windows-based Ethernet diagnostics driver developed by Intel Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "BID",
"id": "79623"
},
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-80252",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=36392",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2291",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "130854",
"trust": 2.6
},
{
"db": "BID",
"id": "79623",
"trust": 2.1
},
{
"db": "EXPLOIT-DB",
"id": "36392",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-80252",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-2291",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"db": "BID",
"id": "79623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"id": "VAR-201708-0246",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:19:25.877000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00051",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00051\u0026languageid=en-fr"
},
{
"title": "Intel-CVE-2015-2291",
"trust": 0.1,
"url": "https://github.com/tare05/intel-cve-2015-2291 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/aaliyah6022/bedriver2 "
},
{
"title": "KDU",
"trust": 0.1,
"url": "https://github.com/hfiref0x/kdu "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/474172261/kdu "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/130854/intel-network-adapter-diagnostic-driver-ioctl-dos.html"
},
{
"trust": 2.0,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00051\u0026languageid=en-fr"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/79623"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/36392/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2291"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2291"
},
{
"trust": 0.3,
"url": "http://www.intel.com/"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00051\u0026amp;languageid=en-fr"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/tare05/intel-cve-2015-2291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"db": "BID",
"id": "79623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-80252"
},
{
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"db": "BID",
"id": "79623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-09T00:00:00",
"db": "VULHUB",
"id": "VHN-80252"
},
{
"date": "2017-08-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"date": "2015-03-17T00:00:00",
"db": "BID",
"id": "79623"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"date": "2017-08-09T18:29:00.933000",
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"date": "2015-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-80252"
},
{
"date": "2017-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2291"
},
{
"date": "2016-07-06T14:21:00",
"db": "BID",
"id": "79623"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007752"
},
{
"date": "2017-08-24T16:16:25.230000",
"db": "NVD",
"id": "CVE-2015-2291"
},
{
"date": "2017-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "79623"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows for Intel Ethernet Diagnostic driver IQVW32.sys and IQVW64.sys Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007752"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-086"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…