CVE-2015-0609 : Race condition in the Common Classification Engine (CCE) in the Measurement, Agg

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752.

Published 2015-02-16 00:59:05

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-0609

Cisco » IOS
Versions up to, including, (<=) 15.4\(2\)t3
cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(1)t4
cpe:2.3:o:cisco:ios:15.4\(1\)t4:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(1)t3
cpe:2.3:o:cisco:ios:15.4\(1\)t3:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(2)t1
cpe:2.3:o:cisco:ios:15.4\(2\)t1:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(2)t
cpe:2.3:o:cisco:ios:15.4\(2\)t:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(2)t2
cpe:2.3:o:cisco:ios:15.4\(2\)t2:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(1)t
cpe:2.3:o:cisco:ios:15.4\(1\)t:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4t
cpe:2.3:o:cisco:ios:15.4t:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(1)t2
cpe:2.3:o:cisco:ios:15.4\(1\)t2:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.4(1)t1
cpe:2.3:o:cisco:ios:15.4\(1\)t1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-0609

EPSS FAQ

0.62%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-0609

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C	8.6	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2015-0609

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0609

http://www.securityfocus.com/bid/72564

Cisco IOS Software CVE-2015-0609 Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=37420

Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability
Vendor Advisory
http://www.securitytracker.com/id/1031731

Cisco IOS Measurement, Aggregation, and Correlation Engine Bugs Let Remote Users Deny Service - SecurityTracker

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/100809

Cisco IOS MACE denial of service CVE-2015-0609 Vulnerability Report
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0609

Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2015-0609

Products affected by CVE-2015-0609

Exploit prediction scoring system (EPSS) score for CVE-2015-0609

CVSS scores for CVE-2015-0609

CWE ids for CVE-2015-0609

References for CVE-2015-0609