A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of HTTP requests.

An attacker could exploit this vulnerability by sending malicious HTTP 2.0 requests to the targeted system.

An exploit could allow the attacker to cause the emsd to crash.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr
A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of HTTP requests.

An attacker could exploit this vulnerability by sending malicious HTTP 2.0 requests to the targeted system.

An exploit could allow the attacker to cause the emsd to crash.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr

Security Impact Rating: Medium

CVE: CVE-2016-9205

Leave a Reply