CVE-2015-0610 : Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier

Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071.

Published 2015-02-12 01:59:26

Updated 2017-09-08 01:29:46

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2015-0610

Cisco » IOS
Versions up to, including, (<=) 15.5\(2\)t
cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.5(1)t
cpe:2.3:o:cisco:ios:15.5\(1\)t:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.5t
cpe:2.3:o:cisco:ios:15.5t:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.5(1)t1
cpe:2.3:o:cisco:ios:15.5\(1\)t1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-0610

EPSS FAQ

0.42%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-0610

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2015-0610

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0610

https://exchange.xforce.ibmcloud.com/vulnerabilities/100807

Cisco IOS ACL security bypass CVE-2015-0610 Vulnerability Report
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0610

Cisco Security
Vendor Advisory
http://www.securityfocus.com/bid/72565

Cisco IOS CVE-2015-0610 Security Bypass Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=37423

Cisco Security
Vendor Advisory
http://www.securitytracker.com/id/1031732

Cisco IOS Race Condition Lets Remote Users Bypass Access Controls - SecurityTracker

Jump to

Vulnerability Details : CVE-2015-0610

Products affected by CVE-2015-0610

Exploit prediction scoring system (EPSS) score for CVE-2015-0610

CVSS scores for CVE-2015-0610

CWE ids for CVE-2015-0610

References for CVE-2015-0610