CVE-2016-9205

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software version 6.1.1.BASE

Description A vulnerability in the HTTP 2.0 request handling code could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of HTTP requests. An attacker could exploit this vulnerability by sending malicious HTTP 2.0 requests to the targeted system.

Recommendations For Cisco IOS XR Software version 6.1.1.BASE, update to version 6.1.2.6i.MGBL, 6.1.22.9i.MGBL, or 6.2.1.14i.MGBL to resolve the issue. As a temporary workaround, consider restricting access to the HTTP 2.0 request handling functionality until a patch is applied.