CVE-2015-0610Race Condition in Cisco IOS

CWE-362Race Condition4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 51.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedFeb 12
Latest updateMay 17

Description

Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios15.5\(2\)t+3

🔴Vulnerability Details

2
GHSA
GHSA-cf75-gfh6-5482: Race condition in the object-group ACL feature in Cisco IOS 152022-05-17
CVEList
CVE-2015-0610: Race condition in the object-group ACL feature in Cisco IOS 152015-02-12

📋Vendor Advisories

1
Cisco
Cisco IOS Software Access Control List Bypass Vulnerability2015-02-11
CVE-2015-0610 — Race Condition in Cisco IOS | cvebase