CVE-2015-4199Race Condition in Cisco IOS

CWE-362Race Condition4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.5%
top 32.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedJun 27
Latest updateMay 17

Description

Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent connectivity with many IPv6 CPE devices, aka Bug ID CSCug47366.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios15.3s

🔴Vulnerability Details

2
GHSA
GHSA-3422-45qx-4m3x: Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 152022-05-17
CVEList
CVE-2015-4199: Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 152015-06-27

📋Vendor Advisories

1
Cisco
Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability2015-06-22
CVE-2015-4199 — Race Condition in Cisco IOS | cvebase