CVE-2015-6111 — Microsoft Windows Server 2012 vulnerability

CWE-3994 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

1.1%

top 21.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2012

Timeline

PublishedNov 11

Latest updateMay 14

Description

IPSec in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles encryption negotiation, which allows remote authenticated users to cause a denial of service (system hang) via crafted IP traffic, aka "Windows IPSec Denial of Service Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-vgc4-g2ff-j2wj: IPSec in Microsoft Windows 8, Windows 8↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - November 2015↗2015-11-10

▶

Talos

Microsoft Patch Tuesday - November 2015↗2015-11-10

▶