Cisco Firewall Services Module, PIX and ASA SIP Message Denial of Service Vulnerability

Cisco Firewall Services Module, PIX Security Appliance, and ASA Security Appliance contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists due to an error when handling SIP messages. An unauthenticated, remote attacker could exploit this vulnerability by sending a malformed SIP message to an affected device. This action could cause the affected device to reload, resulting in a temporary DoS condition. Repeated attacks can result in a persistent DoS condition.

Cisco has confirmed this vulnerability with a security advisory and released updated software.

Successful exploitation allows the attacker to cause the affected device to reload, which could be considered a temporary DoS condition. Repeated attacks could result in a persistent denial of service condition.

A system is only vulnerable if deep packet inspection of SIP messages is enabled. This is handled by the fixup command in FWSM 2.x and ASA/PIX 6.x, and is enabled for SIP packets by default in these versions. It is handled by the inspect command in both FWSM 3.x and ASA/PIX 7.x. The inspect command is enabled by default in FWSM 3.x, and disabled by default in ASA/PIX 7.x.