Cisco advisory CISCO-SA-20110928-SIP
Sep 28, 2011 - 4:00 p.m.

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

2011-09-28 16:00:00
tools.cisco.com

CVSS2: 7.8 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.014 Low
Percentile: 86.1%

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP)
implementation in Cisco IOS Software and Cisco IOS XE Software that could allow
an unauthenticated, remote attacker to cause a reload of an affected device or
trigger memory leaks that may result in system instabilities. Affected devices
would need to be configured to process SIP messages for these vulnerabilities
to be exploitable.

Cisco has released software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP;
however, mitigations are available to limit exposure to the
vulnerabilities.

This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-sip.

Note: The September 28, 2011, Cisco IOS Software
Security Advisory bundled publication includes ten Cisco Security Advisories.
Nine of the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications Manager.
Each advisory lists the Cisco IOS Software releases that correct the
vulnerability or vulnerabilities detailed in the advisory as well as the Cisco
IOS Software releases that correct all vulnerabilities in the September 2011
Bundled Publication.

Individual publication links are in “Cisco Event Response:
Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the
following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html

Cisco Unified Communications Manager is affected by one of the
vulnerabilities described in this advisory. A separate Cisco Security Advisory
has been published to disclose the vulnerability that affects the Cisco Unified
Communications Manager at the following location:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm
