Vulnerability Details : CVE-2015-0609
Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-0609
Probability of exploitation activity in the next 30 days: 1.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-0609
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.1
|
HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
8.6
|
6.9
|
NIST |
CWE ids for CVE-2015-0609
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0609
-
http://www.securityfocus.com/bid/72564
Cisco IOS Software CVE-2015-0609 Denial of Service Vulnerability
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=37420
Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1031731
Cisco IOS Measurement, Aggregation, and Correlation Engine Bugs Let Remote Users Deny Service - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100809
Cisco IOS MACE denial of service CVE-2015-0609 Vulnerability Report
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0609
Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service VulnerabilityVendor Advisory
Products affected by CVE-2015-0609
- cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.4\(1\)t4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.4\(1\)t3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.4\(2\)t1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.4\(2\)t:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.4\(2\)t2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.4\(1\)t:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.4t:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.4\(1\)t2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.4\(1\)t1:*:*:*:*:*:*:*