Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP)
implementation in Cisco IOS® Software that could
allow an unauthenticated, remote attacker to cause a reload of an affected
device when SIP operation is enabled.

Cisco has released software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP;
however, mitigations are available to limit exposure to the
vulnerabilities.

This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100922-sip[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100922-sip”].

Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled
publication includes six Cisco Security Advisories. Five of the advisories
address vulnerabilities in Cisco IOS Software, and one advisory addresses
vulnerabilities in Cisco Unified Communications Manager. Each advisory lists
the releases that correct the vulnerability or vulnerabilities detailed in the
advisory. The table at the following URL lists releases that correct all Cisco
IOS Software vulnerabilities that have been published on September 22, 2010, or
earlier:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100922-bundle[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100922-bundle”]

Individual publication links are in “Cisco Event Response:
Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the
following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html[“http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html”]

Cisco Unified Communications Manager (CUCM) is affected by the
vulnerabilities described in this advisory. Two separate Cisco Security
Advisories have been published to disclose the vulnerabilities that affect the
Cisco Unified Communications Manager at the following locations:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090826-cucm[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090826-cucm”]

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100922-cucmsip[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100922-cucmsip”]