NVD

Id
85906  
Name
CVE-2017-3876  
Description
A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is required to recover. This vulnerability affects all Cisco IOS XR platforms that are running release 6.1.1 of Cisco IOS XR Software when the gRPC service is enabled on the device. The gRPC service is not enabled by default. Cisco Bug IDs: CSCvb14441.  
Reject
 
CVSS Version
2  
CVSS Score
7.8  
Severity
High  
CVSS Base Score
7.8  
CVSS Impact Subscore
6.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:C)  
Pub Date
2017-07-18  
Published
2017-05-16  
Modified Date
2017-07-10  
Seq
2017-3876  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
422560 85906 CVE-2017-0290 98330  View
422561 85906 CVE-2017-0290 https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html  View
422562 85906 CVE-2017-0290 https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/  View
422563 85906 CVE-2017-0290 https://bugs.chromium.org/p/project-zero/issues/detail?id=1252  View
422564 85906 CVE-2017-0290 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290  View
422565 85906 CVE-2017-0290 https://technet.microsoft.com/library/security/4022344  View
422566 85906 CVE-2017-0290 https://twitter.com/natashenka/status/861748397409058816  View
422567 85906 CVE-2017-0290 98330  View
422568 85906 CVE-2017-0290 https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html  View
422569 85906 CVE-2017-0290 https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/  View
422570 85906 CVE-2017-0290 https://bugs.chromium.org/p/project-zero/issues/detail?id=1252  View
422571 85906 CVE-2017-0290 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290  View
422572 85906 CVE-2017-0290 https://technet.microsoft.com/library/security/4022344  View
422573 85906 CVE-2017-0290 https://twitter.com/natashenka/status/861748397409058816  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
67841 JVNDB-2017-004130 Cisco IOS XR ルータの Event Management Service デーモンにおけるリソース管理に関する脆弱性 Cisco IOS XR ルータの Event Management Service デーモン (emsd) には、リソース管理に関する脆弱性が存在します。 CVE-2017-3876 0 CVE-2017-3876 85906 7.8 7.5 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-004130.html 2017-05-03 2017-06-16 View