Vulnerability Name:

CVE-2015-0005 (CCN-101111)

Assigned:2014-11-18
Published:2015-03-10
Updated:2019-05-08
Summary:The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability."
CVSS v3 Severity:3.4 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
3.8 Low (CCN CVSS v2 Vector: AV:A/AC:M/Au:S/C:P/I:P/A:N)
2.8 Low (CCN Temporal CVSS v2 Vector: AV:A/AC:M/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-254
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2015-0005

Source: MISC
Type: Exploit
http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html

Source: FULLDISC
Type: UNKNOWN
20150310 [CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation

Source: CCN
Type: Microsoft Security Bulletin MS15-027
Vulnerability in NETLOGON Could Allow Spoofing (3002657)

Source: CCN
Type: Microsoft Security Bulletin MS15-071
Vulnerability in NETLOGON Could Allow Spoofing (3068457)

Source: CCN
Type: Microsoft Security Bulletin MS16-101
Security Update for Windows Authentication Methods (3178465)

Source: CCN
Type: Microsoft Security Bulletin MS16-110
Security Update for Windows (3178467)

Source: CCN
Type: Microsoft Security Bulletin MS16-111
Security Update for Windows Kernel (3186973)

Source: CCN
Type: Microsoft Security Bulletin MS16-120
Security Update for Microsoft Graphics Component (3192884)

Source: CCN
Type: Microsoft Security Bulletin MS16-122
Security Update for Microsoft Video Control (3195360)

Source: CCN
Type: Microsoft Security Bulletin MS16-123
Security Update for Kernel-Mode Drivers (3192892)

Source: CCN
Type: Microsoft Security Bulletin MS16-124
Security Update for Windows Registry (3193227)

Source: CCN
Type: Microsoft Security Bulletin MS16-126
Security Update for Microsoft Internet Messaging API (3196067)

Source: CCN
Type: Microsoft Security Bulletin MS16-131
Security Update for Microsoft Video Control (3199151)

Source: CCN
Type: Microsoft Security Bulletin MS16-139
Security Update for Windows Kernel (3199720)

Source: CCN
Type: Microsoft Security Bulletin MS16-155
Security Update for .NET Framework (3205640)

Source: CCN
Type: Microsoft Security Bulletin MS17-006
Cumulative Security Update for Internet Explorer (4013073)

Source: CCN
Type: Microsoft Security Bulletin MS17-013
Security Update for Microsoft Graphics Component (4013075)

Source: MISC
Type: Exploit
http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation

Source: SECTRACK
Type: UNKNOWN
1031891

Source: MS
Type: UNKNOWN
MS15-027

Source: XF
Type: UNKNOWN
ms-netlogon-cve20150005-spoofing(101111)

Source: CCN
Type: Packet Storm Security [03-11-2015]
Windows Pass-Through Authentication Methods Improper Validation

Source: CONFIRM
Type: UNKNOWN
https://www.samba.org/samba/history/samba-4.2.10.html

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:28863
    V
    NETLOGON spoofing vulnerability - CVE-2015-0005 (MS15-027)
    2015-04-27
    BACK
    microsoft windows 2003 server * sp2
    microsoft windows server 2008 * sp2
    microsoft windows server 2008 r2 sp1
    microsoft windows server 2012 -
    microsoft windows server 2012 r2
    microsoft windows server 2012 r2
    microsoft windows server 2012 r2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server 2008 sp2
    microsoft windows server 2008 sp2
    microsoft windows server 2008
    microsoft windows server 2008 r2 sp1
    microsoft windows server 2008 r2 sp1
    microsoft windows server 2012
    microsoft windows server 2012 r2