Home

CVE-2015-1637

Description

Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the FREAK issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.

Risk Information

Base Score
5.3
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
43.723

Associated Vulnerability

VulnerabilityOS Platform
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows Server 2003 (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows Vista (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows Server 2008 (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows 7 (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows 8 (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows 8.1 (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows Server 2003 x64 Edition (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows Vista for x64-based Systems (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows Server 2008 x64 Edition (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows 7 for x64-based Systems (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows Server 2008 R2 x64 Edition (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows 8 for x64-based Systems (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows Server 2012 (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows 8.1 for x64-based Systems (KB3046049)Windows
ms15-031: vulnerability in schannel could allow security feature bypass: march 10, 2015 for Windows Server 2012 R2 (KB3046049)Windows
CVE-2015-1637NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-17305Security Update for Windows Server 2003 (KB3046049)
PATCH-17306Security Update for Windows Vista (KB3046049)
PATCH-17307Security Update for Windows Server 2008 (KB3046049)
PATCH-17308Security Update for Windows 7 (KB3046049)
PATCH-17309Security Update for Windows 8 (KB3046049)
PATCH-17310Security Update for Windows 8.1 (KB3046049)
PATCH-17311Security Update for Windows Server 2003 x64 Edition (KB3046049)
PATCH-17312Security Update for Windows Vista for x64-based Systems (KB3046049)
PATCH-17313Security Update for Windows Server 2008 x64 Edition (KB3046049)
PATCH-17314Security Update for Windows 7 for x64-based Systems (KB3046049)
PATCH-17315Security Update for Windows Server 2008 R2 x64 Edition (KB3046049)
PATCH-17316Security Update for Windows 8 for x64-based Systems (KB3046049)
PATCH-17317Security Update for Windows Server 2012 (KB3046049)
PATCH-17318Security Update for Windows 8.1 for x64-based Systems (KB3046049)
PATCH-17319Security Update for Windows Server 2012 R2 (KB3046049)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234