CVE-2015-2374

CVE Database · CVE-2015-2374

CVE-2015-2374

· N/AModified

CVSS v3.1

N/A

EPSS

5.11%

Published

Jul 14, 2015

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credentials by leveraging certain PDC access and spoofing the BDC role in a PDC communication channel, aka "Elevation of Privilege Vulnerability in Netlogon."

Weaknesses (CWE)

CWE-200

Affected Products (8)

microsoft · windows_2003_servervulnerable

microsoft · windows_server_2008vulnerable

microsoft · windows_server_2012vulnerable

References (6)

http://www.securityfocus.com/bid/75633

http://www.securitytracker.com/id/1032900

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-071

http://www.securityfocus.com/bid/75633

http://www.securitytracker.com/id/1032900

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-071

KEV Catalog EPSS Scores Vendors All CVEs