Vulnerability identifier: #VU24158
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
Vendor: Cisco Systems, Inc
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack on an eNodeB that is connected to an affected device.
The vulnerability exists due to insufficient validation of user-supplied input in the implementation of the Stream Control Transmission Protocol (SCTP). A remote attacker can leverage a man-in-the-middle
position between the eNodeB and the MME, then send a specially crafted SCTP
message to the MME and cause the MME to stop
sending SCTP messages to the eNodeB, results in denial of service condition.
Install updates from vendor's website.
Vulnerable software versions
Cisco Mobility Management Entity: -
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.