ID
VAR-201606-0285
CVE
CVE-2016-1436
TITLE
Cisco ASR 5000 Series Packet Data Network Gateway Denial of Service Vulnerability
Trust: 1.5
DESCRIPTION
The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198. Vendors have confirmed this vulnerability Bug ID CSCuz46198 It is released as.Skillfully crafted by a third party GTPv1 Service disruption via packets ( Restart the Session Manager process ) There is a possibility of being put into a state. The Cisco ASR5000 Series is a 5000 series wireless controller product from Cisco. PacketDataNetworkGateway (aka PGW) is one of the packet data gateways. A security vulnerability exists in the implementation of the GeneralPacketRadioSwitchingTunnelingProtocolVersion1 (GTPv1) implementation of the Cisco ASR5000 SeriesPGW using software prior to 19.4. This issue is being tracked by Cisco Bug ID CSCuz46198
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.1.0.59780 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.0.0.57828 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.0.m0.61045 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.1.0 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.1.0.61559 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.0.m0.60828 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.2.0 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.3.0 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 17.7.0 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.4.0 | Trust: 1.6 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 17.3.1 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.0.0.59167 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.0.1 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.1_base | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.0.l0.59219 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.1.0.59776 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.1.0 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.0.0.59211 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 19.0.m0.60737 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 18.0.0 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 17.2.0 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 software | scope: | eq | version: | 17.2.0.59184 | Trust: 1.0 |
| vendor: | cisco | model: | asr 5000 series software | scope: | lt | version: | 19.4 | Trust: 0.8 |
| vendor: | cisco | model: | asr series | scope: | eq | version: | 5000 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-119 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer overflow
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20160621-asr | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-asr | Trust: 0.8 |
| title: | CiscoASR5000SeriesPacketDataNetworkGateway Denial of Service Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/78038 | Trust: 0.6 |
| title: | Cisco ASR 5000 Series Packet Data Network Gateway Remediation measures for denial of service vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62416 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-1436 | Trust: 3.4 |
| db: | SECTRACK | id: | 1036152 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2016-003321 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201606-490 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2016-04269 | Trust: 0.6 |
| db: | BID | id: | 91344 | Trust: 0.3 |
| db: | VULHUB | id: | VHN-90255 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160621-asr/ | Trust: 1.2 |
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160621-asr | Trust: 1.1 |
| url: | http://www.securitytracker.com/id/1036152 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1436 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1436 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
This vulnerability was found during the resolution of a support case.
Trust: 0.6
SOURCES
| db: | CNVD | id: | CNVD-2016-04269 |
| db: | VULHUB | id: | VHN-90255 |
| db: | BID | id: | 91344 |
| db: | JVNDB | id: | JVNDB-2016-003321 |
| db: | CNNVD | id: | CNNVD-201606-490 |
| db: | NVD | id: | CVE-2016-1436 |
LAST UPDATE DATE
2025-04-13T23:39:31.634000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-04269 | date: | 2016-06-23T00:00:00 |
| db: | VULHUB | id: | VHN-90255 | date: | 2016-11-30T00:00:00 |
| db: | BID | id: | 91344 | date: | 2016-07-06T15:03:00 |
| db: | JVNDB | id: | JVNDB-2016-003321 | date: | 2016-06-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201606-490 | date: | 2016-06-23T00:00:00 |
| db: | NVD | id: | CVE-2016-1436 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-04269 | date: | 2016-06-23T00:00:00 |
| db: | VULHUB | id: | VHN-90255 | date: | 2016-06-23T00:00:00 |
| db: | BID | id: | 91344 | date: | 2016-06-21T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-003321 | date: | 2016-06-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201606-490 | date: | 2016-06-22T00:00:00 |
| db: | NVD | id: | CVE-2016-1436 | date: | 2016-06-23T00:59:05.177 |