CVE-2018-0256

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.8MEDIUM

EPSS

0.3%

top 45.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ASR 5000 Series Software

Timeline

PublishedApr 19

Latest updateMay 13

Description

A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR) process on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect validation of peer-to-peer packet headers. An attacker could exploit this vulnerability by sending a crafted peer-to-peer packet through an affected device. A successful exploit…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco_packet_data_network_gatewayCisco Packet Data Network Gateway

▶NVDcisco/asr_5000_series_software20.3.0.66671, p2p_2.16.879+1

🔴Vulnerability Details

GHSA

GHSA-x5fh-wf9q-7rgc: A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attac↗2022-05-13

▶

CVEList

CVE-2018-0256: A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attac↗2018-04-19

▶

📋Vendor Advisories

Cisco

Cisco Packet Data Network Gateway Peer-to-Peer Message Processing Denial of Service Vulnerability↗2018-04-18

▶