ID

VAR-201612-0367


CVE

CVE-2016-9205


TITLE

Cisco IOS XR Software HTTP 2.0 Service operation interruption in request handling code (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-006286

DESCRIPTION

A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known Affected Releases: 6.1.1.BASE. Known Fixed Releases: 6.1.2.6i.MGBL 6.1.22.9i.MGBL 6.2.1.14i.MGBL. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XR Software is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvb14425.

Trust: 2.52

sources: NVD: CVE-2016-9205 // JVNDB: JVNDB-2016-006286 // CNVD: CNVD-2016-12410 // BID: 94813 // VULHUB: VHN-98025

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-12410

AFFECTED PRODUCTS

vendor: cisco, model: ios xr, scope: eq, version: 6.1.1

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 6.1.1.base

Trust: 0.8

vendor: cisco, model: ios xr software, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios xr software, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2016-12410 // BID: 94813 // JVNDB: JVNDB-2016-006286 // CNNVD: CNNVD-201612-223 // NVD: CVE-2016-9205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9205
value: HIGH

Trust: 1.0

NVD: CVE-2016-9205
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-12410
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-223
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98025
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9205
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-12410
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98025
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9205
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-12410 // VULHUB: VHN-98025 // JVNDB: JVNDB-2016-006286 // CNNVD: CNNVD-201612-223 // NVD: CVE-2016-9205

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.9

sources: VULHUB: VHN-98025 // JVNDB: JVNDB-2016-006286 // NVD: CVE-2016-9205

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-223

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201612-223

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006286

PATCH

title: cisco-sa-20161207-ios-xr
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr

Trust: 0.8

title: Patch for Cisco IOS XR Software Denial of Service Vulnerability (CNVD-2016-12410)
url: https://www.cnvd.org.cn/patchInfo/show/86056

Trust: 0.6

title: Cisco IOS XR Software Remediation measures for denial of service vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66260

Trust: 0.6

sources: CNVD: CNVD-2016-12410 // JVNDB: JVNDB-2016-006286 // CNNVD: CNNVD-201612-223

EXTERNAL IDS

db: NVD, id: CVE-2016-9205

Trust: 3.4

db: BID, id: 94813

Trust: 2.0

db: JVNDB, id: JVNDB-2016-006286

Trust: 0.8

db: CNNVD, id: CNNVD-201612-223

Trust: 0.7

db: CNVD, id: CNVD-2016-12410

Trust: 0.6

db: VULHUB, id: VHN-98025

Trust: 0.1

sources: CNVD: CNVD-2016-12410 // VULHUB: VHN-98025 // BID: 94813 // JVNDB: JVNDB-2016-006286 // CNNVD: CNNVD-201612-223 // NVD: CVE-2016-9205

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-ios-xr

Trust: 2.6

url: http://www.securityfocus.com/bid/94813

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9205

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9205

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-12410 // VULHUB: VHN-98025 // BID: 94813 // JVNDB: JVNDB-2016-006286 // CNNVD: CNNVD-201612-223 // NVD: CVE-2016-9205

CREDITS

Cisco

Trust: 0.3

sources: BID: 94813

SOURCES

db: CNVD, id: CNVD-2016-12410
db: VULHUB, id: VHN-98025
db: BID, id: 94813
db: JVNDB, id: JVNDB-2016-006286
db: CNNVD, id: CNNVD-201612-223
db: NVD, id: CVE-2016-9205

LAST UPDATE DATE

2024-11-23T22:45:47.611000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-12410, date: 2016-12-16T00:00:00
db: VULHUB, id: VHN-98025, date: 2017-01-04T00:00:00
db: BID, id: 94813, date: 2016-12-20T01:08:00
db: JVNDB, id: JVNDB-2016-006286, date: 2016-12-19T00:00:00
db: CNNVD, id: CNNVD-201612-223, date: 2016-12-12T00:00:00
db: NVD, id: CVE-2016-9205, date: 2024-11-21T03:00:47.853

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-12410, date: 2016-12-16T00:00:00
db: VULHUB, id: VHN-98025, date: 2016-12-14T00:00:00
db: BID, id: 94813, date: 2016-12-07T00:00:00
db: JVNDB, id: JVNDB-2016-006286, date: 2016-12-19T00:00:00
db: CNNVD, id: CNNVD-201612-223, date: 2016-12-09T00:00:00
db: NVD, id: CVE-2016-9205, date: 2016-12-14T00:59:26.397