CVE-2015-0610: Race Condition
First published: Thu Feb 12 2015(Updated: )
Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | <=15.5\(2\)t | |
| Cisco IOS | =15.5\(1\)t | |
| Cisco IOS | =15.5\(1\)t1 | |
| Cisco IOS | =15.5t |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0610?
CVE-2015-0610 has been rated as a high severity vulnerability due to the potential for remote access restrictions to be bypassed.
How do I fix CVE-2015-0610?
To fix CVE-2015-0610, upgrade to a later version of Cisco IOS that is not affected, specifically versions after 15.5(2)T.
What is the impact of CVE-2015-0610?
The impact of CVE-2015-0610 is that an attacker can bypass access control lists, leading to unauthorized access to network resources.
Which Cisco IOS versions are affected by CVE-2015-0610?
CVE-2015-0610 affects Cisco IOS versions 15.5(2)T and earlier, including 15.5(1)T, 15.5(1)T1, and 15.5T.
Is CVE-2015-0610 exploited in the wild?
As of the latest reports, there have been no confirmed instances of CVE-2015-0610 being actively exploited in the wild.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/15.5\(2\)t
- version/cisco ios/15.5\(1\)t
- version/cisco ios/15.5\(1\)t1
- version/cisco ios/15.5t