CVE-2015-0654

2015-03-1301:59:33

CWE-362

cisco

web.nvd.nist.gov

cisco

ips software

denial of service

cve-2015-0654

tls

security vulnerability

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

56.0%

JSON

Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652.

Affected configurations

Nvd

Node

ciscointrusion_prevention_systemMatch7.2\(1\)e4

ciscointrusion_prevention_systemMatch7.2\(2\)e4

ciscointrusion_prevention_systemMatch7.3\(2\)e4

VendorProductVersionCPE
ciscointrusion_prevention_system7.2(1)e4cpe:2.3:a:cisco:intrusion_prevention_system:7.2\(1\)e4:*:*:*:*:*:*:*
ciscointrusion_prevention_system7.2(2)e4cpe:2.3:a:cisco:intrusion_prevention_system:7.2\(2\)e4:*:*:*:*:*:*:*
ciscointrusion_prevention_system7.3(2)e4cpe:2.3:a:cisco:intrusion_prevention_system:7.3\(2\)e4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	intrusion_prevention_system	7.2(1)e4	cpe:2.3:a:cisco:intrusion_prevention_system:7.2\(1\)e4:::::::*
cisco	intrusion_prevention_system	7.2(2)e4	cpe:2.3:a:cisco:intrusion_prevention_system:7.2\(2\)e4:::::::*
cisco	intrusion_prevention_system	7.3(2)e4	cpe:2.3:a:cisco:intrusion_prevention_system:7.3\(2\)e4:::::::*