HOMEVULNERABILITIESCVE-2015-8960
HIGH

CVE-2015-8960

CWE-295Published: September 21, 2016· Updated: Jun 17, 2026

8.1
CVSS v3.1

Official Description

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

NVD Source

Technical Analysis

CVE-2015-8960 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 8.1.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityHigh
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

Apple1 product(s)
safari
Google1 product(s)
chrome
ietf1 product(s)
transport layer security
Microsoft1 product(s)
internet explorer
Mozilla1 product(s)
firefox
netapp12 product(s)
clustered data ontap antivirus connectordata ontap edgehost agentoncommand shiftplug-in for symantec netbackupsmi-s providersnap creator frameworksnapdrivesnapmanagersnapprotectsolidfire \& hci management nodesystem setup
opera1 product(s)
opera browser
Source: NVD CPE · 18 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (12)

http://twitter.com/matthew_d_green/statuses/630908726950674433Press/Media Coverage · Technical Description · Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/20/4Mailing List · Technical Description · Third Party Advisory
http://www.securityfocus.com/bid/93071Broken Link · Third Party Advisory · VDB Entry
https://kcitls.orgExploit · Technical Description
http://twitter.com/matthew_d_green/statuses/630908726950674433Press/Media Coverage · Technical Description · Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/20/4Mailing List · Technical Description · Third Party Advisory
http://www.securityfocus.com/bid/93071Broken Link · Third Party Advisory · VDB Entry
https://kcitls.orgExploit · Technical Description

Quick Facts

CVE IDCVE-2015-8960
CVSS Score8.1 / 10
SeverityHIGH
WeaknessCWE-295
CISA KEVNo
Affected7 vendor(s)
PublishedSep 21, 2016

Related CVEs (CWE-295)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2015-8960 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.