CVE-2017-12270

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers (affected versions not specified)

Description A vulnerability in the gRPC code could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The issue is due to the software's inability to process HTTP/2 packets. An attacker could exploit this by sending a malformed HTTP/2 frame to the affected device, potentially creating a DoS condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.