CVE-2016-1436

Name: CVE-2016-1436
Creator: NVD / NIST
Published: 2016-06-23T00:59:05.177+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.76%

Last modified Jun 17, 2026

CVE-2016-1436 is a vulnerability of currently unknown severity. The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.. EPSS estimates a 1.76% chance of exploitation in the next 30 days.

Description

The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.

Metrics

EPSS Probability

1.76%

75.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Cisco	Asr 5000 Software	17.2.0
Cisco	Asr 5000 Software	17.2.0.59184
Cisco	Asr 5000 Software	17.3.1
Cisco	Asr 5000 Software	17.7.0
Cisco	Asr 5000 Software	18.0.0
Cisco	Asr 5000 Software	18.0.0.57828
Cisco	Asr 5000 Software	18.0.0.59167
Cisco	Asr 5000 Software	18.0.0.59211
Cisco	Asr 5000 Software	18.0.l0.59219
Cisco	Asr 5000 Software	18.1.0
Cisco	Asr 5000 Software	18.1.0.59776
Cisco	Asr 5000 Software	18.1.0.59780
Cisco	Asr 5000 Software	18.1_base
Cisco	Asr 5000 Software	18.4.0
Cisco	Asr 5000 Software	19.0.1
Cisco	Asr 5000 Software	19.0.m0.60737
Cisco	Asr 5000 Software	19.0.m0.60828
Cisco	Asr 5000 Software	19.0.m0.61045
Cisco	Asr 5000 Software	19.1.0
Cisco	Asr 5000 Software	19.1.0.61559
Cisco	Asr 5000 Software	19.2.0
Cisco	Asr 5000 Software	19.3.0

References

Timeline

Published: Jun 23, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-1436?

How severe is CVE-2016-1436?

Severity scoring for CVE-2016-1436 is pending analysis. The EPSS model estimates a 1.76% probability of exploitation in the next 30 days.

How do I fix CVE-2016-1436?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-1436?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST