CVE-2016-9205

{"id": "CVE-2016-9205", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2016-12-14T00:59:26.397", "references": [{"url": "http://www.securityfocus.com/bid/94813", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known Affected Releases: 6.1.1.BASE. Known Fixed Releases: 6.1.2.6i.MGBL 6.1.22.9i.MGBL 6.2.1.14i.MGBL."}, {"lang": "es", "value": "Una vulnerabilidad en la petici\u00f3n de c\u00f3digo de manejo HTTP 2.0 de Cisco IOS XR Software podr\u00eda permitir a un atacante remoto no autenticado provocar la ca\u00edda del demonio Event Management Service (emsd), resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). M\u00e1s Informaci\u00f3n: CSCvb14425. Lanzamientos Afectados Conocidos: 6.1.1.BASE. Lanzamientos Reparados Conocidos: 6.1.2.6i.MGBL 6.1.22.9i.MGBL 6.2.1.14i.MGBL."}], "lastModified": "2017-01-04T14:43:04.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52CC4093-80C1-4B0C-82D2-647C625FF42D"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}