Sign-up

ID

VAR-201502-0142


CVE

CVE-2015-0609


TITLE

Cisco IOS of Measurement Implementation of Common Classification Engine Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001525

DESCRIPTION

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A denial of service vulnerability exists in Cisco IOS Software that could allow an attacker to reinstall a device and deny service to a legitimate user. Cisco IOS Software is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCuj96752. Measurement, Aggregation, and Correlation Engine (MACE) is one of the functions for measuring and analyzing network packets

Trust: 2.52

sources: NVD: CVE-2015-0609 // JVNDB: JVNDB-2015-001525 // CNVD: CNVD-2015-01139 // BID: 72564 // VULHUB: VHN-78555

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-01139

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.4\(2\)t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)t2

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.4\(2\)t1

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.4t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)t3

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)t1

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)t4

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.4\(2\)t2

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)t

Trust: 1.6

vendor:ciscomodel:iosscope:lteversion:15.4\(2\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:15.4(2)t3

Trust: 0.8

vendor:ciscomodel:ios softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.4\(2\)t3

Trust: 0.6

sources: CNVD: CNVD-2015-01139 // JVNDB: JVNDB-2015-001525 // CNNVD: CNNVD-201502-277 // NVD: CVE-2015-0609

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0609
value: HIGH

Trust: 1.0

NVD: CVE-2015-0609
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-01139
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201502-277
value: HIGH

Trust: 0.6

VULHUB: VHN-78555
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-0609
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-01139
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78555
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-01139 // VULHUB: VHN-78555 // JVNDB: JVNDB-2015-001525 // CNNVD: CNNVD-201502-277 // NVD: CVE-2015-0609

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-78555 // JVNDB: JVNDB-2015-001525 // NVD: CVE-2015-0609

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-277

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201502-277

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001525

PATCH
title:Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0609
Trust: 0.8
title:37420url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37420
Trust: 0.8
title:Patch for Cisco IOS Software Denial of Service Vulnerability (CNVD-2015-01139)url:https://www.cnvd.org.cn/patchInfo/show/55397
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-01139 // 
            
            
            
            JVNDB: JVNDB-2015-001525

EXTERNAL IDS
db:NVDid:CVE-2015-0609
Trust: 3.4
db:BIDid:72564
Trust: 2.6
db:SECTRACKid:1031731
Trust: 1.1
db:JVNDBid:JVNDB-2015-001525
Trust: 0.8
db:CNNVDid:CNNVD-201502-277
Trust: 0.7
db:CNVDid:CNVD-2015-01139
Trust: 0.6
db:NSFOCUSid:29277
Trust: 0.6
db:VULHUBid:VHN-78555
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-01139 // 
            
            
            
            VULHUB: VHN-78555 // 
            
            
            
            BID: 72564 // 
            
            
            
            JVNDB: JVNDB-2015-001525 // 
            
            
            
            CNNVD: CNNVD-201502-277 // 
            
            
            
            NVD: CVE-2015-0609

REFERENCES
url:http://www.securityfocus.com/bid/72564
Trust: 2.3
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0609
Trust: 2.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=37420
Trust: 1.7
url:http://www.securitytracker.com/id/1031731
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100809
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0609
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0609
Trust: 0.8
url:http://www.nsfocus.net/vulndb/29277
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-01139 // 
            
            
            
            VULHUB: VHN-78555 // 
            
            
            
            BID: 72564 // 
            
            
            
            JVNDB: JVNDB-2015-001525 // 
            
            
            
            CNNVD: CNNVD-201502-277 // 
            
            
            
            NVD: CVE-2015-0609

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 72564

SOURCES
db:CNVDid:CNVD-2015-01139
db:VULHUBid:VHN-78555
db:BIDid:72564
db:JVNDBid:JVNDB-2015-001525
db:CNNVDid:CNNVD-201502-277
db:NVDid:CVE-2015-0609

LAST UPDATE DATE
2025-04-13T23:21:18.616000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-01139date:2015-02-13T00:00:00
db:VULHUBid:VHN-78555date:2017-09-08T00:00:00
db:BIDid:72564date:2015-02-16T00:04:00
db:JVNDBid:JVNDB-2015-001525date:2015-02-19T00:00:00
db:CNNVDid:CNNVD-201502-277date:2015-02-16T00:00:00
db:NVDid:CVE-2015-0609date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-01139date:2015-02-13T00:00:00
db:VULHUBid:VHN-78555date:2015-02-16T00:00:00
db:BIDid:72564date:2015-02-11T00:00:00
db:JVNDBid:JVNDB-2015-001525date:2015-02-19T00:00:00
db:CNNVDid:CNNVD-201502-277date:2015-02-13T00:00:00
db:NVDid:CVE-2015-0609date:2015-02-16T00:59:05.010