Cisco Bug: CSCut20778 - Cisco Packet Data Network Gateway (PGW) Packet Monitor Vulnerability
Dec 26, 2016
- Cisco ASR 5000 Series
Known Affected Releases
Symptoms: A vulnerability in the packet monitoring feature of the Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to cause the CLI session where packet monitoring was enabled to cease logging data for a period of time because the Event Logging application resets.

The vulnerability is due to a malformed GPRS Tunneling Protocol Version 2 (GTPv2) packet that is received while packet monitoring is active on the CLI. An attacker could exploit this vulnerability by sending a crafted, malformed GTPv2 packet when a local, authenticated user has enabled packet monitoring to the CLI. An exploit could allow the attacker to cause the CLI session where packet monitoring was enabled to cease logging data to the CLI for a period of time because the Event Logging application resets.

Conditions: The device is configured with packet monitoring for GTPv2 (monitor protocol, where the GTPv2 option is 74) and is running an affected version of software.