CVE-2015-0610

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.5(2)T and earlier

Description A race condition in the object-group ACL feature allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching. The vulnerability is due to a race condition between process switching and CEF switching while evaluating ACLs with object groups. An attacker could exploit this vulnerability by sending enough traffic through an affected router to trigger the race condition. The attacker may need access to trusted, internal networks behind a firewall to send enough traffic to trigger a race condition on the targeted device.

Recommendations For Cisco IOS versions 15.5(2)T and earlier, update to a newer version that includes the fix for this issue, as confirmed by Cisco in their security notice. As a temporary workaround, consider restricting access to the affected router to minimize the risk of exploitation.