CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
75.9%
A vulnerability in the Wireless Session Protocol (WSP) function of Cisco ASR 5000 Series Gateway GPRS Support Node (GGSN) could allow an unauthenticated, remote attacker to browse free of charge instead of being redirected to a Top-Up portal.
The vulnerability is due to incorrect processing of certain WSP packets. An attacker could exploit this vulnerability by sending crafted WSP packets. An exploit could allow the attacker to browse free of charge instead of being redirected to a Top-Up portal.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker my need access to trusted, internal networks to send crafted WSP packets to a targeted device. This access requirement may reduce the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | asr_5000_series_software | any | cpe:2.3:a:cisco:asr_5000_series_software:any:*:*:*:*:*:*:* |
cisco | asr_9904 | 5000_series_software | cpe:2.3:h:cisco:asr_9904:5000_series_software:*:*:*:*:*:*:* |