Denial of Service Vulnerability in Intel Ethernet Diagnostics Driver for Windows
CVE-2015-2291

7.8HIGH

Key Information:

Vendor: Intel
Status: Ethernet Diagnostics Driver Iqvw32.sys; Ethernet Diagnostics Driver Iqvw64.sys
Vendor: CVE Published:; 9 August 2017

Badges

💰 Ransomware👾 Exploit Exists🟡 Public PoC🦅 CISA Reported

What is CVE-2015-2291?

The Intel Ethernet diagnostics driver for Windows contains a vulnerability that allows local users to potentially exploit IOCTL calls to cause a denial of service or execute arbitrary code with kernel-level privileges. Specifically, vulnerable versions of the drivers IQVW32.sys and IQVW64.sys (prior to version 1.3.1.0) can be manipulated using crafted IOCTL requests. This could result in disruptions to system performance or unauthorized actions being executed within the kernel, leading to serious security concerns.

CISA has reported CVE-2015-2291

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2015-2291 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-2291 - Proof of Concept

Intel-CVE-2015-2291
Created by Tare05

CVE-2015-2291-Spoofer-Analysis
Created by paysonism