CVE-2019-16026

CVE Database · CVE-2019-16026

CVE-2019-16026

· MEDIUMModified

CVSS v3.1

5.9

EPSS

1.39%

Published

Jan 26, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (4)

cisco · staros (up to 21.16.1)vulnerable

cisco · asr_5000

cisco · asr_5500

cisco · asr_5700

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs