CVE-2015-0609 : Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE)

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752.

Published 2015-02-16 00:59:05

Updated 2017-09-08 01:29:46

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2015-0609

Probability of exploitation activity in the next 30 days: 1.36%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-0609

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C	8.6	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2015-0609

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0609

http://www.securityfocus.com/bid/72564

Cisco IOS Software CVE-2015-0609 Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=37420

Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability
Vendor Advisory
http://www.securitytracker.com/id/1031731

Cisco IOS Measurement, Aggregation, and Correlation Engine Bugs Let Remote Users Deny Service - SecurityTracker

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/100809

Cisco IOS MACE denial of service CVE-2015-0609 Vulnerability Report
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0609

Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability
Vendor Advisory

Products affected by CVE-2015-0609

Cisco » IOS
Versions up to, including, (<=) 15.4\(2\)t3
cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(1)t4
cpe:2.3:o:cisco:ios:15.4\(1\)t4:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(1)t3
cpe:2.3:o:cisco:ios:15.4\(1\)t3:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(2)t1
cpe:2.3:o:cisco:ios:15.4\(2\)t1:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(2)t
cpe:2.3:o:cisco:ios:15.4\(2\)t:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(2)t2
cpe:2.3:o:cisco:ios:15.4\(2\)t2:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(1)t
cpe:2.3:o:cisco:ios:15.4\(1\)t:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4t
cpe:2.3:o:cisco:ios:15.4t:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(1)t2
cpe:2.3:o:cisco:ios:15.4\(1\)t2:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(1)t1
cpe:2.3:o:cisco:ios:15.4\(1\)t1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-0609

Exploit prediction scoring system (EPSS) score for CVE-2015-0609

CVSS scores for CVE-2015-0609

CWE ids for CVE-2015-0609

References for CVE-2015-0609

Products affected by CVE-2015-0609