CVE-2015-6095 : Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Wind

Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physically proximate attackers to bypass authentication, and conduct decryption attacks against certain BitLocker configurations, by connecting to an unintended Key Distribution Center (KDC), aka "Windows Kerberos Security Feature Bypass."

Published 2015-11-11 12:59:34

Updated 2019-05-17 12:11:17

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-6095

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-6095

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:C/A:N	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Complete Availability Impact: None

CWE ids for CVE-2015-6095

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-6095

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-122

Microsoft Security Bulletin MS15-122 - Important | Microsoft Docs
Patch;Vendor Advisory
http://www.securitytracker.com/id/1034125

Windows Kerberos Authentication Bypass Flaw Lets Physically Local Users Access BitLocker Data on the Target System - SecurityTracker
Third Party Advisory;VDB Entry

Products affected by CVE-2015-6095

Microsoft » Windows Vista » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1 For Itanium
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1 For X64
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8 » Version: N/A
cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: N/A
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-6095

Exploit prediction scoring system (EPSS) score for CVE-2015-6095

CVSS scores for CVE-2015-6095

CWE ids for CVE-2015-6095

References for CVE-2015-6095

Products affected by CVE-2015-6095