CVE-2015-0631
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
21/02/2015
Last modified:
12/04/2025
Description
Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688.
Impact
Base Score 2.0
7.10
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:ips_sensor_software:7.2\(1\)e4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:ips_sensor_software:7.2\(2\)e4:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ids_4210:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ids_4215:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ids_4220:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ids_4230:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ids_4235:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ids_4250:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ids_4250_xl:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ips_4240:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ips_4255:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ips_4260:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ips_4270:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0631
- http://www.securityfocus.com/bid/72700
- http://www.securitytracker.com/id/1031780
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0631
- http://www.securityfocus.com/bid/72700
- http://www.securitytracker.com/id/1031780