7.5

CVE-2016-1436

The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.

Data is provided by the National Vulnerability Database (NVD)
CiscoAsr 5000 Software Version17.2.0
CiscoAsr 5000 Software Version17.2.0.59184
CiscoAsr 5000 Software Version17.3.1
CiscoAsr 5000 Software Version17.7.0
CiscoAsr 5000 Software Version18.0.0
CiscoAsr 5000 Software Version18.0.0.57828
CiscoAsr 5000 Software Version18.0.0.59167
CiscoAsr 5000 Software Version18.0.0.59211
CiscoAsr 5000 Software Version18.0.l0.59219
CiscoAsr 5000 Software Version18.1.0
CiscoAsr 5000 Software Version18.1.0.59776
CiscoAsr 5000 Software Version18.1.0.59780
CiscoAsr 5000 Software Version18.1_base
CiscoAsr 5000 Software Version18.4.0
CiscoAsr 5000 Software Version19.0.1
CiscoAsr 5000 Software Version19.0.m0.60737
CiscoAsr 5000 Software Version19.0.m0.60828
CiscoAsr 5000 Software Version19.0.m0.61045
CiscoAsr 5000 Software Version19.1.0
CiscoAsr 5000 Software Version19.1.0.61559
CiscoAsr 5000 Software Version19.2.0
CiscoAsr 5000 Software Version19.3.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.72% 0.716
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.