CVE-2019-16026
Cisco Mobility Management Entity Denial of Service Vulnerability
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.8 | EPSS 1.4% | KEV no | PoC — | Nuclei — | Metasploit — | Patch referenced
Lifecycle
26 Jan 2020: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected products
Cisco · Cisco ASR 5000 Series Software