Cyber Resilience

CVE-2015-2291

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 09 August 2017

Modified: 22 April 2026
KEV Added: 10 February 2023
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0561 (90.5th percentile)
Risk Priority: 39 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2015-2291 is a high-severity Improper Input Validation (CWE-20) vulnerability in the Intel Ethernet diagnostics driver IQVW32.sys. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 9.5% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is an input validation flaw (CWE-20) in the Intel Ethernet diagnostics driver for Windows, specifically affecting IQVW32.sys and IQVW64.sys versions prior to 1.3.1.0. It is triggered by specially crafted IOCTL requests using the codes 0x80862013, 0x8086200B, 0x8086200F, or 0x80862007, which the driver fails to handle safely.

Local authenticated users can exploit the issue by issuing these IOCTL calls from user mode. Successful exploitation can result in denial of service or arbitrary code execution with kernel-level privileges on the affected system, corresponding to a CVSS 3.1 base score of 7.8.

Intel published advisory INTEL-SA-00051 describing the affected driver components and directing users to updated versions 1.3.1.0 or later. Public proof-of-concept code demonstrating the IOCTL-based denial-of-service condition has been released on Exploit-DB and PacketStorm.
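
The version boundary described above can be checked across a driver inventory. The following is an added example, not code from Intel or from this page; the inventory rows, host names and file paths are constructed, and only the two driver file names and the 1.3.1.0 boundary come from the text.

```python
# Added example: triage a driver inventory for the versions this page lists as
# affected (IQVW32.sys / IQVW64.sys before 1.3.1.0). Inventory rows are constructed.
import re

AFFECTED_FILES = {"iqvw32.sys", "iqvw64.sys"}   # driver names from the page
FIXED_VERSION = (1, 3, 1, 0)                    # first fixed version per the page


def parse_version(text):
    """Turn '1.03.0.7' into (1, 3, 0, 7); return None if it is not a dotted number."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(re.fullmatch(r"[0-9]+", p) for p in parts):
        return None
    nums = [int(p) for p in parts]              # int() drops leading zeros: '03' -> 3
    return tuple(nums + [0] * (4 - len(nums)))  # pad '1.3.1' to four fields


def classify(path, version_text):
    """Return 'not-applicable', 'vulnerable', 'fixed' or 'unknown' for one file."""
    name = re.split(r"[\\/]", path)[-1].lower()  # Windows names are case-insensitive
    if name not in AFFECTED_FILES:
        return "not-applicable"
    version = parse_version(version_text)
    if version is None:
        return "unknown"                        # missing or garbled version: review by hand
    return "vulnerable" if version < FIXED_VERSION else "fixed"


def triage(inventory):
    """Map host -> list of (path, version, status) for rows that need attention."""
    findings = {}
    for host, path, version_text in inventory:
        status = classify(path, version_text)
        if status in ("vulnerable", "unknown"):
            findings.setdefault(host, []).append((path, version_text, status))
    return findings


# Constructed sample inventory: (host, file path, file version as reported).
SAMPLE = [
    ("ws-01", r"C:\Windows\System32\drivers\iqvw64.sys", "1.03.0.7"),
    ("ws-02", r"C:\Windows\System32\drivers\IQVW64.SYS", "1.3.1.0"),
    ("ws-03", r"D:\tools\iqvw32.sys", ""),
    ("ws-04", r"C:\Windows\System32\drivers\example.sys", "12.18.9.23"),
]

if __name__ == "__main__":
    for host, rows in triage(SAMPLE).items():
        print(host, rows)
```

Versions are compared as integer tuples because a plain string comparison would rank 1.10.0.0 below 1.3.1.0 and misreport a fixed driver as affected.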

Vulnerability details

(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.

CWE(s)
KEV Date Added: 10 February 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

intel · ethernet diagnostics driver iqvw32.sys · 1.03.0.7
intel · ethernet diagnostics driver iqvw64.sys · 1.03.0.7

Mitigating Controls (NIST 800-53 r5)

prevent

Directly requires validation of inputs to system interfaces, which would have blocked the crafted requests to IOCTL codes 0x80862013 etc. that trigger the CWE-20 flaw.

prevent

Mandates timely installation of vendor patches; Intel's update to IQVW32/64.sys 1.3.1.0 eliminates the vulnerable driver code.

prevent

Limits privileges of local users and processes so that even a successful IOCTL exploit cannot immediately obtain kernel-level code execution.
