Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W…

CVSS

4.3

Medium

EPSS

0.13

p95

Published

2015-01-01

Updated

2015-01-01

Description

Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.

Tags · CWE

CWE-310

Affected products

Windows_7Windows_8Windows_8.1Windows_rtWindows_rt_8.1Windows_server_2003Windows_server_2008Windows_server_2012Windows_vista

CVSS vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Timeline

2015-01-01

Published

2015-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: M

Medium

Authentication

Au: N

None (N)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: P

Partial

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.132 · p95

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Microsoft

Windows Server 2012 Windows Server 2008 Windows 8.1 Windows Rt 8.1 Windows 7 Windows Vista Windows Server 2003 Windows 8 Windows Rt

Product	Vendor	Status
windows_7	*	Tracked
windows_8	*	Tracked
windows_8.1	*	Tracked
windows_rt	*	Tracked
windows_rt_8.1	*	Tracked
windows_server_2003	*	Tracked
windows_server_2008	*	Tracked
windows_server_2012	*	Tracked
windows_vista	*	Tracked

Source databases

CVE