vulnerability

Cisco IOS-XR: CVE-2019-1711: Cisco IOS XR gRPC Software Denial of Service Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Apr 17, 2019	May 19, 2021	Mar 3, 2023

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Apr 17, 2019

Added

May 19, 2021

Modified

Mar 3, 2023

Description

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could cause the emsd process to crash, resulting in a DoS condition. Resolved in Cisco IOS XR 6.5.1 and later.

Solution

update-xros

References

BID-108017
CVE-2019-1711
https://attackerkb.com/topics/CVE-2019-1711
URL-https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ios-xr-dos

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today