CVE-2015-4203

Published: Jun 23, 2015Modified: May 6, 2026

5.4

Vector

AV:N/AC:H/Au:N/C:N/I:N/A:C

Exploitability: 4.9 / Impact: 6.9

Source: NVD

Description

Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.

Affected (2)

Products: Cisco: Ios

1 product

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ios	Version 12.2(33)sch
Cisco Ios	Version 12.2sch

Running on/with	Platform Versions
Cisco Ubr10000 Cable Modem Termination System	All versions

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (6)

http://tools.cisco.com/security/center/viewAlert.x?alertId=39439

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/75339

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032692

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/viewAlert.x?alertId=39439

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/75339

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032692

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.