Vulnerability in Cisco IOS Embedded Call Processing Solutions

Cisco Internetwork Operating System (IOS®) Software release trains
12.1YD, 12.2T, 12.3 and 12.3T, when configured for the Cisco IOS Telephony
Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site
Telephony (SRST) may contain a vulnerability in processing certain malformed
control protocol messages.

A successful exploitation of this vulnerability may cause a reload of
the device and could be exploited repeatedly to produce a Denial of Service
(DoS). This advisory is available at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050119-itscme[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050119-itscme”]

Cisco has made free software upgrades available to address this
vulnerability for all affected customers. There are workarounds available to
mitigate the effects of the vulnerability.

This vulnerability is documented by Cisco bug ID CSCee08584.