A vulnerability in the Wireless Session Protocol (WSP) function of Cisco ASR 5000 Series Gateway GPRS Support Node (GGSN) could allow an unauthenticated, remote attacker to browse free of charge instead of being redirected to a Top-Up portal.
The vulnerability is due to incorrect processing of certain WSP packets. An attacker could exploit this vulnerability by sending crafted WSP packets. An exploit could allow the attacker to browse free of charge instead of being redirected to a Top-Up portal.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker my need access to trusted, internal networks to send crafted WSP packets to a targeted device. This access requirement may reduce the likelihood of a successful exploit.