Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12401
HistorySep 28, 2009 - 12:00 a.m.

Cisco IOS SIP消息拒绝服务漏洞

2009-09-2800:00:00
Root
www.seebug.org
16

0.007 Low

EPSS

Percentile

77.6%

JSON

BUGTRAQ ID: 36499
CVE ID: CVE-2009-2870

Cisco IOS是思科网络设备所使用的互联网操作系统。

如果设备运行的Cisco IOS镜像中包含有Cisco Unified Border Element功能,则Cisco IOS软件的SIP实现中存在拒绝服务漏洞。处理一系列特制的SIP消息会导致设备重载。

Cisco IOS 12.4
Cisco IOS 12.3
临时解决方法:

  • 禁用SIP监听端口

    sip-ua
    no transport udp
    no transport tcp
    no transport tcp tls

  • 部署以下控制面整型(CoPP)

    !-- The 192.168.1.0/24 network and the 172.16.1.1 host are trusted.
    !-- Everything else is not trusted. The following access list is used
    !-- to determine what traffic needs to be dropped by a control plane
    !-- policy (the CoPP feature.) If the access list matches (permit)
    !-- then traffic will be dropped and if the access list does not
    !-- match (deny) then traffic will be processed by the router.

    access-list 100 deny udp 192.168.1.0 0.0.0.255 any eq 5060
    access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5060
    access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5061
    access-list 100 deny udp host 172.16.1.1 any eq 5060
    access-list 100 deny tcp host 172.16.1.1 any eq 5060
    access-list 100 deny tcp host 172.16.1.1 any eq 5061
    access-list 100 permit udp any any eq 5060
    access-list 100 permit tcp any any eq 5060
    access-list 100 permit tcp any any eq 5061

    !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4
    !-- traffic in accordance with existing security policies and
    !-- configurations for traffic that is authorized to be sent
    !-- to infrastructure devices.
    !-- Create a Class-Map for traffic to be policed by
    !-- the CoPP feature.

    class-map match-all drop-sip-class
    match access-group 100

    !-- Create a Policy-Map that will be applied to the
    !-- Control-Plane of the device.

    policy-map drop-sip-traffic
    class drop-sip-class
    drop

    !-- Apply the Policy-Map to the Control-Plane of the
    !-- device.

    control-plane
    service-policy input drop-sip-traffic

厂商补丁:

Cisco

Cisco已经为此发布了一个安全公告(cisco-sa-20090923-sip)以及相应补丁:
cisco-sa-20090923-sip:Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
链接:http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml

Related

nessus 1
securityvulns 2
cve 1
cvelist 1
cisco 1
prion 1
nessus
nessus
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability (cisco-sa-20090923-sip)
2010-09-01 00:00:00
securityvulns
securityvulns
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
2009-09-23 00:00:00
Cisco IOS multiple security vulnerabilities
2009-09-24 00:00:00
cve
cve
CVE-2009-2870
2009-09-28 19:30:00
cvelist
cvelist
CVE-2009-2870
2009-09-28 18:20:00
cisco
cisco
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
2009-09-23 16:00:00
prion
prion
Code injection
2009-09-28 19:30:00

0.007 Low

EPSS

Percentile

77.6%

JSON
Related for SSV:12401
nessus1securityvulns2cve1cvelist1cisco1prion1