Sign-up

ID

VAR-201502-0143


CVE

CVE-2015-0610


TITLE

Cisco IOS of object-group of ACL Vulnerabilities that prevent access restrictions on functions

Trust: 0.8

sources: JVNDB: JVNDB-2015-001482

DESCRIPTION

Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071. Cisco IOS of object-group of ACL There is a vulnerability in the functionality that prevents access restrictions due to race conditions. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS has a security bypass vulnerability that allows remote attackers to bypass security restrictions and perform unauthorized operations. Cisco IOS is prone to a security-bypass vulnerability. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCun21071

Trust: 2.52

sources: NVD: CVE-2015-0610 // JVNDB: JVNDB-2015-001482 // CNVD: CNVD-2015-01123 // BID: 72565 // VULHUB: VHN-78556

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-01123

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)t1

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.5t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)t

Trust: 1.6

vendor:ciscomodel:iosscope:lteversion:15.5\(2\)t

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:15.5(2)t

Trust: 0.8

vendor:ciscomodel:ios <=15.5 tscope: - version: -

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)t

Trust: 0.6

sources: CNVD: CNVD-2015-01123 // JVNDB: JVNDB-2015-001482 // CNNVD: CNNVD-201502-269 // NVD: CVE-2015-0610

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0610
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0610
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-01123
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201502-269
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78556
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0610
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-01123
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78556
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-01123 // VULHUB: VHN-78556 // JVNDB: JVNDB-2015-001482 // CNNVD: CNNVD-201502-269 // NVD: CVE-2015-0610

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-78556 // JVNDB: JVNDB-2015-001482 // NVD: CVE-2015-0610

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-269

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201502-269

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001482

PATCH
title:Cisco IOS Software Access Control List Bypass Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0610
Trust: 0.8
title:37423url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37423
Trust: 0.8
title:Cisco IOS Security Bypass Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/55399
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-01123 // 
            
            
            
            JVNDB: JVNDB-2015-001482

EXTERNAL IDS
db:NVDid:CVE-2015-0610
Trust: 3.4
db:BIDid:72565
Trust: 2.0
db:SECTRACKid:1031732
Trust: 1.1
db:JVNDBid:JVNDB-2015-001482
Trust: 0.8
db:CNVDid:CNVD-2015-01123
Trust: 0.6
db:CNNVDid:CNNVD-201502-269
Trust: 0.6
db:VULHUBid:VHN-78556
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-01123 // 
            
            
            
            VULHUB: VHN-78556 // 
            
            
            
            BID: 72565 // 
            
            
            
            JVNDB: JVNDB-2015-001482 // 
            
            
            
            CNNVD: CNNVD-201502-269 // 
            
            
            
            NVD: CVE-2015-0610

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0610
Trust: 2.3
url:http://www.securityfocus.com/bid/72565
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=37423
Trust: 1.7
url:http://www.securitytracker.com/id/1031732
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100807
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0610
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0610
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-01123 // 
            
            
            
            VULHUB: VHN-78556 // 
            
            
            
            BID: 72565 // 
            
            
            
            JVNDB: JVNDB-2015-001482 // 
            
            
            
            CNNVD: CNNVD-201502-269 // 
            
            
            
            NVD: CVE-2015-0610

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72565

SOURCES
db:CNVDid:CNVD-2015-01123
db:VULHUBid:VHN-78556
db:BIDid:72565
db:JVNDBid:JVNDB-2015-001482
db:CNNVDid:CNNVD-201502-269
db:NVDid:CVE-2015-0610

LAST UPDATE DATE
2025-04-13T23:39:39.401000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-01123date:2015-02-13T00:00:00
db:VULHUBid:VHN-78556date:2017-09-08T00:00:00
db:BIDid:72565date:2015-02-16T00:04:00
db:JVNDBid:JVNDB-2015-001482date:2015-11-05T00:00:00
db:CNNVDid:CNNVD-201502-269date:2015-02-12T00:00:00
db:NVDid:CVE-2015-0610date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-01123date:2015-02-13T00:00:00
db:VULHUBid:VHN-78556date:2015-02-12T00:00:00
db:BIDid:72565date:2015-02-10T00:00:00
db:JVNDBid:JVNDB-2015-001482date:2015-02-17T00:00:00
db:CNNVDid:CNNVD-201502-269date:2015-02-12T00:00:00
db:NVDid:CVE-2015-0610date:2015-02-12T01:59:26.233