CVE-2015-8960

Severity Score

8.1

*CVSS v3.1

Exploit Likelihood

< 1%

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

El protocolo TLS 1.2 y versiones anteriores soporta los valores rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh y ecdsa_fixed_ecdh para ClientCertificateType pero no documenta directamente la habilidad para computar el secreto maestro en determinadas situaciones con una clave de cliente secreta y una clave pública de servidor pero no una clave secreta de servidor, lo que facilita a atacantes man-in-the-middle suplantar servidores TLS aprovechando el conocimiento de la clave secreta para un certificado cliente X.509 arbitrariamente instalado, también conocido como problema "Key Compromise Impersonation (KCI)".

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-09-20 CVE Reserved
2016-09-21 CVE Published
2024-08-06 CVE Updated
2024-08-06 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-295: Improper Certificate Validation

CAPEC

References (6)

URL	Tag	Source
http://twitter.com/matthew_d_green/statuses/6309087...	Media Coverage
http://www.openwall.com/lists/oss-security/2016/09/...	Mailing List
http://www.securityfocus.com/bid/93071	Broken Link
https://security.netapp.com/advisory/ntap-20180626-...	Third Party Advisory

1 - 4 of 4

URL	Date	SRC
https://kcitls.org	2024-08-06
https://www.usenix.org/system/files/conference/woot15/woot15-pa...	2024-08-06

1 - 2 of 2

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions (19)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ietf Search vendor "Ietf"	Transport Layer Security Search vendor "Ietf" for product "Transport Layer Security"	<= 1.2 Search vendor "Ietf" for product "Transport Layer Security" and version " <= 1.2"	-	Affected	in	Apple Search vendor "Apple"	Safari Search vendor "Apple" for product "Safari"	-	-	Safe
Ietf Search vendor "Ietf"	Transport Layer Security Search vendor "Ietf" for product "Transport Layer Security"	<= 1.2 Search vendor "Ietf" for product "Transport Layer Security" and version " <= 1.2"	-	Affected	in	Google Search vendor "Google"	Chrome Search vendor "Google" for product "Chrome"	-	-	Safe
Ietf Search vendor "Ietf"	Transport Layer Security Search vendor "Ietf" for product "Transport Layer Security"	<= 1.2 Search vendor "Ietf" for product "Transport Layer Security" and version " <= 1.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	-	-	Safe
Ietf Search vendor "Ietf"	Transport Layer Security Search vendor "Ietf" for product "Transport Layer Security"	<= 1.2 Search vendor "Ietf" for product "Transport Layer Security" and version " <= 1.2"	-	Affected	in	Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	-	-	Safe
Ietf Search vendor "Ietf"	Transport Layer Security Search vendor "Ietf" for product "Transport Layer Security"	<= 1.2 Search vendor "Ietf" for product "Transport Layer Security" and version " <= 1.2"	-	Affected	in	Opera Search vendor "Opera"	Opera Browser Search vendor "Opera" for product "Opera Browser"	-	-	Safe
Vendor		Product				Version		Other		Status
Netapp Search vendor "Netapp"		Clustered Data Ontap Antivirus Connector Search vendor "Netapp" for product "Clustered Data Ontap Antivirus Connector"				-		-		Affected
Netapp Search vendor "Netapp"		Data Ontap Edge Search vendor "Netapp" for product "Data Ontap Edge"				-		-		Affected
Netapp Search vendor "Netapp"		Host Agent Search vendor "Netapp" for product "Host Agent"				-		-		Affected
Netapp Search vendor "Netapp"		Oncommand Shift Search vendor "Netapp" for product "Oncommand Shift"				-		-		Affected
Netapp Search vendor "Netapp"		Plug-in For Symantec Netbackup Search vendor "Netapp" for product "Plug-in For Symantec Netbackup"				-		-		Affected

1 - 10 of 19