HomePentest-Tools.com Logo

Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability (cisco-sa-20161207-ios-xr) CVE-2016-9205

Severity
CVSSv3 Score
7.5
Vulnerability description

A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition.

Risk description

The vulnerability is due to improper handling of HTTP requests. An attacker could exploit this vulnerability by sending malicious HTTP 2.0 requests to the targeted system. An exploit could allow the attacker to cause the emsd to crash.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Dec 14, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available