PT-2017-2361 · Cisco · Cisco IOS XR
Published 2017-05-03 · Updated 2019-10-03 · CVE-2017-3876
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco IOS XR version 6.1.1
Description
The issue is related to errors in resource management in the Event Management Service of Cisco IOS XR routers. It can be exploited by a remote, unauthenticated attacker to cause a denial of service condition on the affected device. The vulnerability is caused by improper handling of gRPC requests. An attacker can exploit this by repeatedly sending unauthenticated gRPC requests to the device. A successful exploit could allow the attacker to crash the device, requiring manual intervention for recovery.
Recommendations
For Cisco IOS XR version 6.1.1, update to a newer version that includes the fix for this issue.
As a temporary workaround, consider disabling the gRPC service on the affected device until a patch is available.
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Cisco IOS XR