CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS
Percentile
94.0%
Cisco Firewall Services Module, PIX Security Appliance, and ASA Security Appliance contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability exists due to an error when handling SIP messages. An unauthenticated, remote attacker could exploit this vulnerability by sending a malformed SIP message to an affected device. This action could cause the affected device to reload, resulting in a temporary DoS condition. Repeated attacks can result in a persistent DoS condition.
Cisco has confirmed this vulnerability with a security advisory and released updated software.
Successful exploitation allows the attacker to cause the affected device to reload, which could be considered a temporary DoS condition. Repeated attacks could result in a persistent denial of service condition.
A system is only vulnerable if deep packet inspection of SIP messages is enabled. This is handled by the fixup command in FWSM 2.x and ASA/PIX 6.x, and is enabled for SIP packets by default in these versions. It is handled by the inspect command in both FWSM 3.x and ASA/PIX 7.x. The inspect command is enabled by default in FWSM 3.x, and disabled by default in ASA/PIX 7.x.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | firewall_services_module | any | cpe:2.3:h:cisco:firewall_services_module:any:*:*:*:*:*:*:* |
cisco | pix_asa_ids | any | cpe:2.3:a:cisco:pix_asa_ids:any:*:*:*:*:*:*:* |