CVE-2015-2291 - Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability

Intel | Ethernet Diagnostics Driver for Windows

• Date Added:
• 2023-02-10

• Due Date:
• 2023-03-03

Vulnerability Name

Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability

Description

Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html; https://nvd.nist.gov/vuln/detail/CVE-2015-2291

Top Security News

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

Microsoft fixes exploited zero-day (CVE-2024-49138)

Garmin GPS watches crashing, stuck in triangle 'reboot loop'

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

DeepSeek Jailbreak Reveals Its Entire System Prompt

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Windows Server 2025 released—here are the new features

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowX-Content-Type-Options Header Missing

Top CVE List

CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2015-6175 Microsoft Windows Kernel Privilege Escalation Vulnerability

CVE-2024-28986 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

CVE-2024-38217 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2012-5076 Oracle Java SE Sandbox Bypass Vulnerability

Common CWEs

CWE-1100 Insufficient Isolation of System-Dependent Functions

CWE-1224 Improper Restriction of Write-Once Bit Fields

CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

CWE-437 Incomplete Model of Endpoint Features

CWE-440 Expected Behavior Violation

CWE-1420 Exposure of Sensitive Information during Transient Execution

CWE-599 Missing Validation of OpenSSL Certificate

CWE-12 ASP.NET Misconfiguration: Missing Custom Error Page

CWE-916 Use of Password Hash With Insufficient Computational Effort

CWE-13 ASP.NET Misconfiguration: Password in Configuration File