CVE-2015-8960 vulnerability in NetApp Products
Published on September 21, 2016

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

NVD

Products Associated with CVE-2015-8960

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2015-8960 are published in these products:

NetApp Snap Creator Framework

NetApp Data Ontap Edge

NetApp Snapdrive

NetApp Snapmanager

NetApp Smi S Provider

NetApp Host Agent

NetApp Clustered Data Ontap Antivirus Connector

NetApp Solidfire Hci Management Node

NetApp Snapprotect

NetApp Oncommand Shift

NetApp Plug In For Symantec Netbackup

NetApp System Setup

Exploit Probability

EPSS

0.33%

Percentile

55.18%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2015-8960 vulnerability in NetApp ProductsPublished on September 21, 2016

Products Associated with CVE-2015-8960

Exploit Probability

CVE-2015-8960 vulnerability in NetApp Products
Published on September 21, 2016