Sign-up

ID

VAR-201708-0246


CVE

CVE-2015-2291


TITLE

Windows for Intel Ethernet Diagnostic driver IQVW32.sys and IQVW64.sys Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007752

DESCRIPTION

(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. Windows for Intel Ethernet Diagnostic driver IQVW32.sys and IQVW64.sys Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Network Adapter Diagnostic Driver is prone to multiple local buffer-overflow vulnerabilities. An attacker can exploit these issues to crash the affected application; denying service to legitimate users. Due to the nature of this issue, code-execution may be possible but this has not been confirmed. Note: This issue was previously titled 'Intel Network Adapter Diagnostic Driver CVE-2015-2291 Multiple Remote Code Execution Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected. Versions prior to Intel iQVW32.SYS 1.3.1.0, and Intel iQVW64.SYS 1.3.1.0 are vulnerable. Intel Ethernet diagnostics driver for Windows is a Windows-based Ethernet diagnostics driver developed by Intel Corporation

Trust: 2.07

sources: NVD: CVE-2015-2291 // JVNDB: JVNDB-2015-007752 // BID: 79623 // VULHUB: VHN-80252 // VULMON: CVE-2015-2291

AFFECTED PRODUCTS

vendor:intelmodel:ethernet diagnostics driver iqvw32.sysscope:eqversion:1.03.0.7

Trust: 1.6

vendor:intelmodel:ethernet diagnostics driver iqvw64.sysscope:eqversion:1.03.0.7

Trust: 1.6

vendor:intelmodel:ethernet diagnostics driver iqvw32.sysscope:ltversion:1.3.1.0

Trust: 0.8

vendor:intelmodel:ethernet diagnostics driver iqvw64.sysscope:ltversion:1.3.1.0

Trust: 0.8

sources: JVNDB: JVNDB-2015-007752 // CNNVD: CNNVD-201601-086 // NVD: CVE-2015-2291

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-2291
value: HIGH

Trust: 1.0

NVD: CVE-2015-2291
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201601-086
value: HIGH

Trust: 0.6

VULHUB: VHN-80252
value: HIGH

Trust: 0.1

VULMON: CVE-2015-2291
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-2291
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-80252
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-2291
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-80252 // VULMON: CVE-2015-2291 // JVNDB: JVNDB-2015-007752 // CNNVD: CNNVD-201601-086 // NVD: CVE-2015-2291

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-80252 // JVNDB: JVNDB-2015-007752 // NVD: CVE-2015-2291

THREAT TYPE

local

Trust: 0.9

sources: BID: 79623 // CNNVD: CNNVD-201601-086

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201601-086

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007752

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-80252 // 
            
            
            
            VULMON: CVE-2015-2291

PATCH
title:INTEL-SA-00051url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr
Trust: 0.8
title:Intel-CVE-2015-2291url:https://github.com/Tare05/Intel-CVE-2015-2291 
Trust: 0.1
title: - url:https://github.com/Aaliyah6022/BeDriver2 
Trust: 0.1
title:KDUurl:https://github.com/hfiref0x/KDU 
Trust: 0.1
title: - url:https://github.com/474172261/KDU 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-2291 // 
            
            
            
            JVNDB: JVNDB-2015-007752

EXTERNAL IDS
db:NVDid:CVE-2015-2291
Trust: 2.9
db:PACKETSTORMid:130854
Trust: 2.6
db:BIDid:79623
Trust: 2.1
db:EXPLOIT-DBid:36392
Trust: 1.8
db:JVNDBid:JVNDB-2015-007752
Trust: 0.8
db:CNNVDid:CNNVD-201601-086
Trust: 0.7
db:VULHUBid:VHN-80252
Trust: 0.1
db:VULMONid:CVE-2015-2291
Trust: 0.1
sources:
            
            
            VULHUB: VHN-80252 // 
            
            
            
            VULMON: CVE-2015-2291 // 
            
            
            
            BID: 79623 // 
            
            
            
            JVNDB: JVNDB-2015-007752 // 
            
            
            
            CNNVD: CNNVD-201601-086 // 
            
            
            
            NVD: CVE-2015-2291

REFERENCES
url:http://packetstormsecurity.com/files/130854/intel-network-adapter-diagnostic-driver-ioctl-dos.html
Trust: 2.6
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00051&languageid=en-fr
Trust: 2.0
url:http://www.securityfocus.com/bid/79623
Trust: 1.9
url:https://www.exploit-db.com/exploits/36392/
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2291
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-2291
Trust: 0.8
url:http://www.intel.com/
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00051&languageid=en-fr
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://github.com/tare05/intel-cve-2015-2291
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-80252 // 
            
            
            
            VULMON: CVE-2015-2291 // 
            
            
            
            BID: 79623 // 
            
            
            
            JVNDB: JVNDB-2015-007752 // 
            
            
            
            CNNVD: CNNVD-201601-086 // 
            
            
            
            NVD: CVE-2015-2291

CREDITS
Glafkos Charalambous
Trust: 0.9
sources:
            
            
            BID: 79623 // 
            
            
            
            CNNVD: CNNVD-201601-086

SOURCES
db:VULHUBid:VHN-80252
db:VULMONid:CVE-2015-2291
db:BIDid:79623
db:JVNDBid:JVNDB-2015-007752
db:CNNVDid:CNNVD-201601-086
db:NVDid:CVE-2015-2291

LAST UPDATE DATE
2024-11-23T22:30:41.737000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-80252date:2017-08-24T00:00:00
db:VULMONid:CVE-2015-2291date:2017-08-24T00:00:00
db:BIDid:79623date:2016-07-06T14:21:00
db:JVNDBid:JVNDB-2015-007752date:2017-09-13T00:00:00
db:CNNVDid:CNNVD-201601-086date:2017-08-15T00:00:00
db:NVDid:CVE-2015-2291date:2024-11-21T02:27:09.427

SOURCES RELEASE DATE
db:VULHUBid:VHN-80252date:2017-08-09T00:00:00
db:VULMONid:CVE-2015-2291date:2017-08-09T00:00:00
db:BIDid:79623date:2015-03-17T00:00:00
db:JVNDBid:JVNDB-2015-007752date:2017-09-13T00:00:00
db:CNNVDid:CNNVD-201601-086date:2015-03-17T00:00:00
db:NVDid:CVE-2015-2291date:2017-08-09T18:29:00.933