CVE-2015-0654

CWE-362 — Race Condition4 documents4 sources

Severity

7.1HIGH

EPSS

0.3%

top 45.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Intrusion Prevention System

Timeline

PublishedMar 13

Latest updateMay 17

Description

Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/intrusion_prevention_system7.2\(1\)e4, 7.2\(2\)e4, 7.3\(2\)e4+2

🔴Vulnerability Details

GHSA

GHSA-f86g-x5mj-qg95: Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7↗2022-05-17

▶

CVEList

CVE-2015-0654: Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7↗2015-03-13

▶

📋Vendor Advisories

Cisco

Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability↗2015-03-11

▶