Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

2013-11-0616:00:00

tools.cisco.com

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

49.6%

JSON

A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or cause memory leaks that may result in system instabilities. To exploit this vulnerability, affected devices must be configured to process SIP messages. Limited Cisco IOS Software releases are affected.

Cisco has released software updates that address this vulnerability.

There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerability.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-sip[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-sip”]

Affected configurations

Vulners

Node

ciscoiosMatch15.1xb

ciscoiosMatch15.1m

ciscoiosMatch15.1gc

ciscoiosMatch15.1\(4\)xb8

ciscoiosMatch15.1\(4\)xb8a

ciscoiosMatch15.1\(4\)m6

ciscoiosMatch15.1\(4\)m5

ciscoiosMatch15.1\(4\)m4

ciscoiosMatch15.1\(4\)gc

ciscoiosMatch15.1\(4\)gc1

CPENameOperatorVersion
ioseq15.1XB
ioseq15.1M
ioseq15.1GC
cisco ioseq15.1(4)XB8
cisco ioseq15.1(4)XB8a
cisco ioseq15.1(4)M6
cisco ioseq15.1(4)M5
cisco ioseq15.1(4)M4
cisco ioseq15.1(4)GC
cisco ioseq15.1(4)GC1

Name	Operator	Version
ios	eq	15.1XB
ios	eq	15.1M
ios	eq	15.1GC
cisco ios	eq	15.1(4)XB8
cisco ios	eq	15.1(4)XB8a
cisco ios	eq	15.1(4)M6
cisco ios	eq	15.1(4)M5
cisco ios	eq	15.1(4)M4
cisco ios	eq	15.1(4)GC
cisco ios	eq	15.1(4)GC1