CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.

Published: 2015-12-29 Last update: 2026-05-06 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2015-5296 is rated Moderate Risk (58.3/100): CVSS Medium severity, with high exploitation likelihood (EPSS 7.29%, 94th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +3.96% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2015-5296

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 3.33% 7.29% +3.96%
2 2026-06-08 3.65% 3.33% -0.32%
3 2026-03-24 3.65%

Full EPSS history (17 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2015-5296

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.4 3.1 MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:L)
Some sensitive info could get out, but not a total data dump.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N)
Service keeps running; no real outage angle.
 2.2 2.7 [email protected]
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 8.6 2.9 [email protected]

Weakness enumeration for CVE-2015-5296

OS Trackers for CVE-2015-5296

vendor priority summary link
debian not yet assigned CVE-2015-5296 not yet assigned priority: Debian including 1 source packages (samba), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2015-5296
gentoo normal CVE-2015-5296: 1 GLSA(s) (201612-47), 1 atom(s) (net-fs/samba); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2015-5296
redhat medium https://access.redhat.com/security/cve/CVE-2015-5296
suse medium CVE-2015-5296 severity moderate: SUSE including 1229 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 1924 product×package rows across 55 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise Desktop 11 SP3, … (55 product lines)): Fixed 1767, Known Affected 157. https://www.suse.com/security/cve/CVE-2015-5296/
ubuntu medium CVE-2015-5296 medium priority: Ubuntu including 2 source packages (samba, samba4), 16 status rows across 8 suites (precise, trusty, upstream, vivid, wily, xenial, yakkety, zesty): released 9, DNE 6, ignored 1. https://ubuntu.com/security/CVE-2015-5296

Affected software / configurations for CVE-2015-5296

Vendor Product Version Raw CPE
samba samba >= 3.2.0, < 4.1.22 cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
samba samba >= 4.2.0, < 4.2.7 cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
samba samba >= 4.3.0, < 4.3.3 cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
debian debian_linux 7.0 cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debian debian_linux 8.0 cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
canonical ubuntu_linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
canonical ubuntu_linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonical ubuntu_linux 15.04 cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
canonical ubuntu_linux 15.10 cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

References for CVE-2015-5296

URL Tags
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html Mailing List Third Party Advisory
http://www.debian.org/security/2016/dsa-3433 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory
http://www.securityfocus.com/bid/79732 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034493 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2855-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2855-2 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1290292 Issue Tracking Third Party Advisory
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=1ba49b8f389eda3414b14410c7fbcb4041ca06b1
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a819d2b440aafa3138d95ff6e8b824da885a70e9
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=d724f835acb9f4886c0001af32cd325dbbf1f895
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993 Third Party Advisory
https://security.gentoo.org/glsa/201612-47 Third Party Advisory
https://www.samba.org/samba/security/CVE-2015-5296.html Vendor Advisory
cvelogic Threat Intelligence