Denial of Service Vulnerability in Cisco ASR 5000 Packet Data Network Gateway
CVE-2016-1436

7.5HIGH

Key Information:

Vendor: Cisco
Status: Asr 5000 Software
Vendor: CVE Published:; 23 June 2016

What is CVE-2016-1436?

The General Packet Radio Switching Tunneling Protocol version 1 (GTPv1) implementation in the Cisco ASR 5000 Packet Data Network Gateway is susceptible to a denial of service attack. Attackers can exploit this vulnerability by sending specially crafted GTPv1 packets, resulting in the Session Manager process being restarted. This can disrupt the normal operation of the device, leading to potential service downtime and disruption of network connectivity.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1036152

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2016
Vulnerability Reserved
Jan 4, 2016