
Intel Ethernet Diagnostics Driver CVE-2015-2291

Severity: HIGH 7.8 (CVSS 3.1 · NVD)
Weakness: Improper Input Validation (CWE-20)
Published: 2017-08-09 · Source: cve@mitre.org

Severity by source

NVD (primary): 7.8 HIGH, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

7 events:
Analysis Updated: Apr 22, 2026 - 14:00 (vuln.today), v2 (cvss_changed)
Re-analysis Queued: Apr 21, 2026 - 15:22 (vuln.today), cvss_changed
Analysis Generated: Mar 26, 2026 - 11:18 (vuln.today)
Added to CISA KEV: Oct 22, 2025 - 00:15 (cisa), CISA KEV
PoC Detected: Oct 22, 2025 - 00:15 (vuln.today), Public exploit code
Patch released: Oct 22, 2025 - 00:15 (nvd), Patch available
CVE Published: Aug 09, 2017 - 18:29 (nvd), HIGH 7.8

Description (CVE.org)

(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.

Analysis (AI)

Local privilege escalation to SYSTEM in Intel Ethernet diagnostics driver (IQVW32.sys/IQVW64.sys versions before 1.3.1.0) allows authenticated Windows users to execute arbitrary code with kernel privileges via crafted IOCTL calls to device driver interfaces. CISA confirms active exploitation in the wild (KEV-listed). Multiple public proof-of-concept exploits demonstrate exploitability across four IOCTL handlers (0x80862013, 0x8086200B, 0x8086200F, 0x80862007). With 4.99% EPSS probability (90th percentile) and confirmed real-world abuse, this represents a critical risk for systems with Intel network adapters where the diagnostic driver remains installed and unpatched.

Technical Context (AI)

The Intel Ethernet diagnostics driver uses kernel-mode Windows Driver Model (WDM) components, IQVW32.sys (32-bit) and IQVW64.sys (64-bit), to provide low-level network adapter diagnostics and management capabilities. These drivers expose Input/Output Control (IOCTL) interfaces that let user-mode applications call kernel-mode driver functions. The vulnerability stems from improper input validation (CWE-20) in four specific IOCTL handlers, which fail to properly sanitize or bounds-check parameters passed from user mode. By sending specially crafted IOCTL requests with malicious buffer sizes or pointers, attackers can trigger memory corruption in kernel space, leading to arbitrary code execution at Ring 0 with SYSTEM privileges. The affected IOCTL codes (0x80862013, 0x8086200B, 0x8086200F, 0x80862007) represent distinct attack surfaces within the driver's device control dispatch routine. CPE data identifies specific vulnerable versions: IQVW32.sys 1.03.0.7 and IQVW64.sys 1.03.0.7, distributed with Intel Network Adapter Diagnostic utilities for Windows environments.

Remediation (AI)

Upgrade the Intel Ethernet diagnostics driver to version 1.3.1.0 or later by installing the patched Intel Network Adapter diagnostic software package available from Intel Security Center advisory INTEL-SA-00051 (https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr). Organizations should inventory systems for the presence of IQVW32.sys and IQVW64.sys in the Windows drivers directory, checking file version properties to identify vulnerable 1.03.0.7 builds.

If the diagnostics driver is not operationally required, completely remove the Intel diagnostic utilities and manually delete the kernel drivers as a more secure alternative: this eliminates the attack surface entirely without functional impact on basic network adapter operation.

For environments unable to patch immediately, implement compensating controls: restrict local administrator group membership using least-privilege principles, deploy application whitelisting to prevent unsigned kernel driver loading, enable Driver Signature Enforcement, and enable Windows Defender Exploit Guard kernel protection features. Note that disabling the driver via Device Manager is insufficient, because the IOCTL interfaces remain accessible until the driver files are removed or updated. Monitor for suspicious IOCTL activity via ETW kernel event tracing or EDR solutions that flag direct device object access to \Device\IQVW32 or \Device\IQVW64.
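
The inventory step described above can be scripted as follows. This is an added example, not code from Intel or vuln.today; it assumes the drivers directory is %SystemRoot%\System32\drivers and that wildcard file-name patterns are acceptable for catching suffixed copies, and the function name Get-IqvwDriverStatus is hypothetical.

```powershell
# Added example: inventory the Intel diagnostics driver and flag builds older than 1.3.1.0.
# Assumptions (not from the advisory): default search path is %SystemRoot%\System32\drivers,
# and the wildcard patterns below are used so that suffixed file names are also matched.
$FixedVersion = [version]'1.3.1.0'
$Patterns     = 'iqvw32*.sys', 'iqvw64*.sys'

function Get-IqvwDriverStatus {
    param([string[]]$Path = @(Join-Path $env:SystemRoot 'System32\drivers'))

    # Registered kernel drivers, so a file found on disk can be tied to a service entry.
    $services = @(Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue)

    foreach ($dir in $Path) {
        Get-ChildItem -Path $dir -Include $Patterns -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from the numeric parts: the FileVersion string can carry
            # leading zeros ("1.03.0.7") or trailing text that [version] cannot parse.
            # A file with no version resource yields 0.0.0.0 and is flagged for review.
            $ver  = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                   $vi.FileBuildPart, $vi.FilePrivatePart)
            $leaf = $_.Name
            $svc  = $services |
                    Where-Object { $_.PathName -and $_.PathName -like "*\$leaf" } |
                    Select-Object -First 1
            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                File       = $_.FullName
                Version    = $ver
                Vulnerable = $ver -lt $FixedVersion   # fixed in 1.3.1.0 per the CVE text
                Service    = $svc.Name                # empty if no driver service points here
                State      = $svc.State               # Running / Stopped
                SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

Get-IqvwDriverStatus | Sort-Object Vulnerable -Descending | Format-Table -AutoSize
```

Pass additional directories through -Path to cover locations where diagnostic utilities were unpacked; a row with Vulnerable set to True and State set to Running is the one to remediate first.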
