PT-2020-1577 · Cisco · Cisco Mobility Management Entity

Published 2020-01-08 · Updated 2020-01-31 · CVE-2019-16026

CVSS v2.0: 7.1 High

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Mobility Management Entity (MME) (affected versions not specified)

Description

The issue is related to the implementation of the Stream Control Transmission Protocol (SCTP) and is caused by insufficient input validation of SCTP traffic. This could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB connected to an affected device. An attacker could exploit this by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME, causing the MME to stop sending SCTP messages to the eNodeB.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-00618
CVE-2019-16026

Affected Products

Cisco Mobility Management Entity