CVE-2017-6599

{"id": "CVE-2017-6599", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2017-04-07T17:59:00.607", "references": [{"url": "http://www.securityfocus.com/bid/97464", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1038191", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-772"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled. More Information: CSCvb14433. Known Affected Releases: 6.1.1.BASE 6.2.1.BASE. Known Fixed Releases: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL."}, {"lang": "es", "value": "Una vulnerabilidad en el manejo de llamadas de procedimiento remoto definidas por Google (gRPC) en el software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado provocara que el Event Management Service daemond (emsd) se bloqueara debido a una p\u00e9rdida de memoria del sistema, dando como resultado una denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad afecta al software Cisco IOS XR con gRPC habilitado. M\u00e1s informaci\u00f3n: CSCvb14433. Lanzamientos afectados conocidos: 6.1.1.BASE 6.2.1.BASE. Lanzamientos fijos conocidos: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52CC4093-80C1-4B0C-82D2-647C625FF42D"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27A732BF-A723-48EA-AC0F-813CA5A2DB0F"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}