Cisco IOS XR Software Denial of Service Vulnerability

A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by sending malformed gRPC requests repeatedly to the affected device. An exploit could allow the attacker to cause the emsd process to crash.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios”]