CVE-2015-0006 : The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP

The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka "NLA Security Feature Bypass Vulnerability."

Published 2015-01-13 22:59:04

Updated 2025-04-12 10:46:41

Source Microsoft Corporation

View at NVD, CVE.org

Products affected by CVE-2015-0006

Microsoft » Windows Server 2003 » Update SP2
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8 » Version: N/A
cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A Update Gold
cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2 For X64
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:x64:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-0006

EPSS FAQ

12.80%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-0006

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.1	MEDIUM	AV:A/AC:L/Au:N/C:N/I:C/A:N	6.5	6.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Complete Availability Impact: None

CWE ids for CVE-2015-0006

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0006

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-005

Microsoft Security Bulletin MS15-005 - Important | Microsoft Docs
https://exchange.xforce.ibmcloud.com/vulnerabilities/99521

Microsoft Network Location Awareness security bypass CVE-2015-0006 Vulnerability Report
http://secunia.com/advisories/62098

Sign in
https://exchange.xforce.ibmcloud.com/vulnerabilities/99522

Microsoft Knowledge Base Article 3022777 is not installed CVE-2015-0006 Vulnerability Report
http://www.securityfocus.com/bid/71930

Microsoft Windows Network Location Awareness CVE-2015-0006 Security Bypass Vulnerability
http://secunia.com/advisories/62184

Sign in

Jump to

Vulnerability Details : CVE-2015-0006

Products affected by CVE-2015-0006

Exploit prediction scoring system (EPSS) score for CVE-2015-0006

CVSS scores for CVE-2015-0006

CWE ids for CVE-2015-0006

References for CVE-2015-0006