Announcement Announcement Module
Collapse
No announcement yet.
Cisco IOS Software Session Initiation Protocol Vulnerability Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco IOS Software Session Initiation Protocol Vulnerability

    Cisco IOS Software Session Initiation Protocol Vulnerability


    Severity Rating: High

    Systems Affected
    • Cisco IOS 12.4, 15.0 through 15.4
    • Cisco IOS XE Software 3.1.x through 3.12.x

    Overview
    A vulnerability have been reported in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software which could allow an unauthenticated remote attacker to cause a reload of an affected device which results in a Denial of Service (DoS) condition.

    Description
    The vulnerability is due to improper processing of specific SIP messages by an affected device.
    A remote attacker could exploit this vulnerability by sending a crafted SIP message on an established call or initiating a call including the crafted SIP message destined to a targeted device.
    Successful exploitation of this vulnerability could cause the targeted device to reload which results in a DoS condition.

    Solution
    Apply appropriate updates as mentioned in CISCO advisory:
    http://tools.cisco.com/security/cent...a-20140924-sip

    Vendor Information References

    CISCO
    http://tools.cisco.com/security/cent...a-20140924-sip

    References
    CISCO
    http://tools.cisco.com/security/cent...?alertId=35611
Tag Cloud Tag Cloud Module
Collapse
Working...
X