SymmetricalDataSecurity: Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability

Wednesday, December 7, 2016

Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability

A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of HTTP requests. An attacker could exploit this vulnerability by sending malicious HTTP 2.0 requests to the targeted system. An exploit could allow the attacker to cause the emsd to crash.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2hgUVEA A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of HTTP requests. An attacker could exploit this vulnerability by sending malicious HTTP 2.0 requests to the targeted system. An exploit could allow the attacker to cause the emsd to crash.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2hgUVEA
Security Impact Rating: Medium
CVE: CVE-2016-9205

from Cisco Security Advisory http://ift.tt/2hgUVEA

SymmetricalDataSecurity

Wednesday, December 7, 2016

Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews