Race Condition in Cisco Intrusion Prevention System TLS Implementation
CVE-2015-0654

Currently unrated

Key Information:

Vendor: Cisco
Status: Intrusion Prevention System
Vendor: CVE Published:; 13 March 2015

Summary

A race condition exists in the TLS implementation within the management interface of Cisco Intrusion Prevention System Software prior to version 7.3(3)E4. This vulnerability allows remote attackers to create multiple HTTPS sessions, leading to a denial of service condition. The resulting process hang can significantly disrupt the functioning of the affected systems, potentially compromising the security integrity of network management.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1031908

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Mar 13, 2015
Vulnerability Reserved
Jan 7, 2015