VAR-201502-0143
Vulnerability from variot - Updated: 2023-12-18 14:01Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071. Cisco IOS of object-group of ACL There is a vulnerability in the functionality that prevents access restrictions due to race conditions. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS has a security bypass vulnerability that allows remote attackers to bypass security restrictions and perform unauthorized operations. Cisco IOS is prone to a security-bypass vulnerability. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCun21071
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0143",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.5\\(1\\)t1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.5t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.5\\(1\\)t"
},
{
"model": "ios",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(2\\)t"
},
{
"model": "ios",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "15.5(2)t"
},
{
"model": "ios \u003c=15.5 t",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.5\\(2\\)t"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01123"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001482"
},
{
"db": "NVD",
"id": "CVE-2015-0610"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-269"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.5\\(2\\)t",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0610"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "72565"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0610",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-0610",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01123",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-78556",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0610",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-01123",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-269",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78556",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01123"
},
{
"db": "VULHUB",
"id": "VHN-78556"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001482"
},
{
"db": "NVD",
"id": "CVE-2015-0610"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-269"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071. Cisco IOS of object-group of ACL There is a vulnerability in the functionality that prevents access restrictions due to race conditions. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS has a security bypass vulnerability that allows remote attackers to bypass security restrictions and perform unauthorized operations. Cisco IOS is prone to a security-bypass vulnerability. This may aid in further attacks. \nThis issue is tracked by Cisco Bug ID CSCun21071",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0610"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001482"
},
{
"db": "CNVD",
"id": "CNVD-2015-01123"
},
{
"db": "BID",
"id": "72565"
},
{
"db": "VULHUB",
"id": "VHN-78556"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0610",
"trust": 3.4
},
{
"db": "BID",
"id": "72565",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1031732",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001482",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-01123",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201502-269",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78556",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01123"
},
{
"db": "VULHUB",
"id": "VHN-78556"
},
{
"db": "BID",
"id": "72565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001482"
},
{
"db": "NVD",
"id": "CVE-2015-0610"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-269"
}
]
},
"id": "VAR-201502-0143",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01123"
},
{
"db": "VULHUB",
"id": "VHN-78556"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01123"
}
]
},
"last_update_date": "2023-12-18T14:01:54.991000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco IOS Software Access Control List Bypass Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0610"
},
{
"title": "37423",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37423"
},
{
"title": "Cisco IOS Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/55399"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01123"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001482"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78556"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001482"
},
{
"db": "NVD",
"id": "CVE-2015-0610"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0610"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/72565"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37423"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031732"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100807"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0610"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0610"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01123"
},
{
"db": "VULHUB",
"id": "VHN-78556"
},
{
"db": "BID",
"id": "72565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001482"
},
{
"db": "NVD",
"id": "CVE-2015-0610"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-269"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01123"
},
{
"db": "VULHUB",
"id": "VHN-78556"
},
{
"db": "BID",
"id": "72565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001482"
},
{
"db": "NVD",
"id": "CVE-2015-0610"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-269"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01123"
},
{
"date": "2015-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-78556"
},
{
"date": "2015-02-10T00:00:00",
"db": "BID",
"id": "72565"
},
{
"date": "2015-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001482"
},
{
"date": "2015-02-12T01:59:26.233000",
"db": "NVD",
"id": "CVE-2015-0610"
},
{
"date": "2015-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-269"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01123"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-78556"
},
{
"date": "2015-02-16T00:04:00",
"db": "BID",
"id": "72565"
},
{
"date": "2015-11-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001482"
},
{
"date": "2017-09-08T01:29:46.340000",
"db": "NVD",
"id": "CVE-2015-0610"
},
{
"date": "2015-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-269"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-269"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS of object-group of ACL Vulnerabilities that prevent access restrictions on functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001482"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competitive condition",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-269"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…