CVE-2019-16026

MEDIUM

Cisco Mobility Management Entity - DoS

Title source: llm
STIX 2.1

Description

A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition.

References (1)

Core 1
Core References

Scores

CVSS v3 5.9
EPSS 0.0139
EPSS Percentile 69.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (1)
cisco/staros < 21.16.1
Published Jan 26, 2020
Tracked Since Feb 18, 2026