CVE-2015-0631Race Condition in Cisco IPS Sensor Software

CWE-362Race Condition3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.4%
top 36.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IPS Sensor Software
Timeline
PublishedFeb 21
Latest updateMay 17

Description

Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ips_sensor_software7.2\(1\)e4, 7.2\(2\)e4+1

🔴Vulnerability Details

1
GHSA
GHSA-j55m-hp7r-r977: Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by ma2022-05-17

📋Vendor Advisories

1
Cisco
Cisco Intrusion Prevention System Key Regeneration HTTPS Denial of Service Vulnerability2015-02-20
CVE-2015-0631 — Race Condition in Cisco | cvebase