Published: 12/02/2015 Updated: 08/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and previous versions allows remote malicious users to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios 15.5\\(1\\)t
cisco ios 15.5t
cisco ios
cisco ios 15.5\\(1\\)t1

A vulnerability in Cisco IOS Software access control lists (ACLs) that use object groups could occasionally allow an unauthenticated, remote attacker to bypass the ACL The vulnerability is due to a race condition between process switching and Cisco Express Forwarding switching while evaluating ACLs with object groups An attacker could exploit th ...

CWE-362 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0610 http://tools.cisco.com/security/center/viewAlert.x?alertId=37423 http://www.securityfocus.com/bid/72565 http://www.securitytracker.com/id/1031732 https://exchange.xforce.ibmcloud.com/vulnerabilities/100807 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150211-CVE-2015-0610

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-0610

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect