CVE-2014-8005Race Condition in Cisco IOS XR

CWE-362Race Condition4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 31.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedNov 26
Latest updateMay 17

Description

Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios_xr5.1.0

🔴Vulnerability Details

2
GHSA
GHSA-9446-w3xx-qr8h: Race condition in the lighttpd module in Cisco IOS XR 52022-05-17
CVEList
CVE-2014-8005: Race condition in the lighttpd module in Cisco IOS XR 52014-11-26

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software lighttpd TCP Session Vulnerability2014-11-25
CVE-2014-8005 — Race Condition in Cisco IOS XR | cvebase