CVE-2019-1711: Improper Input Validation in Cisco IOS XR Software

Severity
NVD: 7.5 HIGH
CNA: 5.3
EPSS: 0.7% (top 28.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 17
Latest update: May 13

Description

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could cause the emsd process to crash, resulting in a DoS condition. Resolved in Cisco IOS

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | cisco/cisco_ios_xr_software | unspecified | 6.5.1
NVD | cisco/ios_xr | 6.1.0 | 6.5.1

🔴 Vulnerability Details (2)

GHSA
GHSA-3629-c95x-2r49: A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a deni (2022-05-13)
CVEList
Cisco IOS XR gRPC Software Denial of Service Vulnerability (2019-04-17)

📋 Vendor Advisories (1)

Cisco
Cisco IOS XR gRPC Software Denial of Service Vulnerability (2019-04-17)

💬 Community (1)

Bugzilla
CVE-2019-7308 kernel: eBPF: Spectre v1 mitigation bypass (2019-02-04)