CVE-2019-16026

CWE-20Improper Input Validation4 documents4 sources
Severity
5.9MEDIUM
EPSS
0.7%
top 28.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco ASR 5000 Series SoftwareCisco Staros
Timeline
PublishedJan 26
Latest updateMay 24

Description

A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted S

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDcisco/staros< 21.16.1
CVEListV5cisco/cisco_asr_5000_series_softwareunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-fhjc-mpvv-5r8g: A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unau2022-05-24
CVEList
Cisco Mobility Management Entity Denial of Service Vulnerability2020-01-26

📋Vendor Advisories

1
Cisco
Cisco Mobility Management Entity Denial of Service Vulnerability2020-01-08
CVE-2019-16026 (MEDIUM CVSS 5.9) | A vulnerability in the implementati | cvebase.io