Cisco Bug: CSCut68058 - Cisco GGSN Gateway GPRS Support Node TCP Invalid Packet Vulnerability
Feb 13, 2018
- Cisco ASR 5000 Series
Known Affected Releases
Symptoms: A vulnerability in Transmission Control Protocol (TCP) packet input handler of the Cisco Gateway ''General Packet Radio Service'' (GPRS) Support Node (GGSN) could allow an unauthenticated, remote attacker to cause a reset of the Session Manager application. The vulnerability is due to improper input validation of the length fields of the TCP/IP header fields. An attacker could exploit this vulnerability by by sending a crafted TCP packet with and invalid TCP/IP header. An exploit could allow the attacker to cause a partial availability impact due to a denial of service (DoS) condition when the invalid TCP packet is received the Session Manager application restarts. Conditions: Device running with default configuration running an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases