CVE-2017-3876: Cisco IOS XR vulnerability

CWE-399 | 5 documents | 5 sources
Severity: 7.5 HIGH (NVD)
EPSS: 0.7% (top 27.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 16
Latest update: May 13

Description

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is r

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

NVD: cisco/ios_xr 6.1.0, 6.1.1 (+1)

🔴 Vulnerability Details (2)

GHSA (2022-05-13): GHSA-hjx2-h94g-x4vv: A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denia
CVEList (2017-05-16): CVE-2017-3876: A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denia

📋 Vendor Advisories (1)

Cisco (2017-05-03): Cisco IOS XR Software Denial of Service Vulnerability

💬 Community (1)

Bugzilla (2019-11-07): CVE-2017-0393 libvpx: Denial of service in mediaserver