Lucene search

CiscoCISCO-SA-20110928-SIP

HistorySep 28, 2011 - 4:00 p.m.

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

2011-09-2816:00:00

tools.cisco.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.014

Percentile

86.2%

JSON

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP)
implementation in Cisco IOS Software and Cisco IOS XE Software that could allow
an unauthenticated, remote attacker to cause a reload of an affected device or
trigger memory leaks that may result in system instabilities. Affected devices
would need to be configured to process SIP messages for these vulnerabilities
to be exploitable.

Cisco has released software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP;
however, mitigations are available to limit exposure to the
vulnerabilities.

This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-sip[“[[Publication_URL]]”].

Note: The September 28, 2011, Cisco IOS Software
Security Advisory bundled publication includes ten Cisco Security Advisories.
Nine of the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications Manager.
Each advisory lists the Cisco IOS Software releases that correct the
vulnerability or vulnerabilities detailed in the advisory as well as the Cisco
IOS Software releases that correct all vulnerabilities in the September 2011
Bundled Publication.

Individual publication links are in “Cisco Event Response:
Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the
following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html[“http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html”]

Cisco Unified Communications Manager is affected by one of the
vulnerabilities described in this advisory. A separate Cisco Security Advisory
has been published to disclose the vulnerability that affects the Cisco Unified
Communications Manager at the following location:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm”]

[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm”]

Affected configurations

Vulners

Node

ciscoiosMatch12.4mr

ciscoiosMatch12.4t

ciscoiosMatch12.4xc

ciscoiosMatch12.4xe

ciscoiosMatch12.4xj

ciscoiosMatch12.4xv

ciscoiosMatch12.4xw

ciscoiosMatch12.4xy

ciscoiosMatch12.4xz

ciscoiosMatch12.4xl

ciscoiosMatch12.4xm

ciscoiosMatch15.0m

ciscoiosMatch15.0xa

ciscoiosMatch15.1t

ciscoiosMatch15.1xb

ciscoiosMatch15.0s

ciscoiosMatch12.4mrb

ciscoiosMatch15.1s

ciscoiosMatch15.1m

ciscoiosMatch15.1gc

ciscoiosMatch12.4ys

ciscoiosMatch12.4\(11\)mr

ciscoiosMatch12.4\(9\)mr

ciscoiosMatch12.4\(12\)mr

ciscoiosMatch12.4\(16\)mr

ciscoiosMatch12.4\(16\)mr1

ciscoiosMatch12.4\(19\)mr2

ciscoiosMatch12.4\(19\)mr1

ciscoiosMatch12.4\(19\)mr

ciscoiosMatch12.4\(20\)mr

ciscoiosMatch12.4\(19\)mr3

ciscoiosMatch12.4\(12\)mr1

ciscoiosMatch12.4\(20\)mr2

ciscoiosMatch12.4\(16\)mr2

ciscoiosMatch12.4\(12\)mr2

ciscoiosMatch12.4\(20\)mr1

ciscoiosMatch12.4\(9\)t

ciscoiosMatch12.4\(11\)t

ciscoiosMatch12.4\(15\)t

ciscoiosMatch12.4\(20\)t

ciscoiosMatch12.4\(24\)t

ciscoiosMatch12.4\(24\)t3

ciscoiosMatch12.4\(20\)t1

ciscoiosMatch12.4\(22\)t1

ciscoiosMatch12.4\(15\)t9

ciscoiosMatch12.4\(11\)t4

ciscoiosMatch12.4\(15\)t8

ciscoiosMatch12.4\(15\)t15

ciscoiosMatch12.4\(24\)t5

ciscoiosMatch12.4\(15\)t2

ciscoiosMatch12.4\(15\)t12

ciscoiosMatch12.4\(24\)t4

ciscoiosMatch12.4\(9\)t5

ciscoiosMatch12.4\(20\)t3

ciscoiosMatch12.4\(22\)t

ciscoiosMatch12.4\(15\)t6a

ciscoiosMatch12.4\(20\)t6

ciscoiosMatch12.4\(9\)t3

ciscoiosMatch12.4\(15\)t13

ciscoiosMatch12.4\(15\)t3

ciscoiosMatch12.4\(24\)t2

ciscoiosMatch12.4\(22\)t5

ciscoiosMatch12.4\(15\)t10

ciscoiosMatch12.4\(22\)t4

ciscoiosMatch12.4\(20\)t5

ciscoiosMatch12.4\(9\)t6

ciscoiosMatch12.4\(15\)t4

ciscoiosMatch12.4\(24\)t1

ciscoiosMatch12.4\(9\)t4

ciscoiosMatch12.4\(22\)t3

ciscoiosMatch12.4\(20\)t9

ciscoiosMatch12.4\(9\)t1

ciscoiosMatch12.4\(15\)t13b

ciscoiosMatch12.4\(20\)t5a

ciscoiosMatch12.4\(15\)t5

ciscoiosMatch12.4\(20\)t2

ciscoiosMatch12.4\(11\)t1

ciscoiosMatch12.4\(15\)t11

ciscoiosMatch12.4\(9\)t0a

ciscoiosMatch12.4\(15\)t7

ciscoiosMatch12.4\(11\)t2

ciscoiosMatch12.4\(9\)t7

ciscoiosMatch12.4\(15\)t14

ciscoiosMatch12.4\(11\)t3

ciscoiosMatch12.4\(15\)t6

ciscoiosMatch12.4\(15\)t1

ciscoiosMatch12.4\(9\)t2

ciscoiosMatch12.4\(22\)t2

ciscoiosMatch12.4\(20\)t4

ciscoiosMatch12.4\(4\)xc

ciscoiosMatch12.4\(4\)xc1

ciscoiosMatch12.4\(4\)xc5

ciscoiosMatch12.4\(4\)xc7

ciscoiosMatch12.4\(4\)xc3

ciscoiosMatch12.4\(4\)xc4

ciscoiosMatch12.4\(4\)xc2

ciscoiosMatch12.4\(4\)xc6

ciscoiosMatch12.4\(6\)xe

ciscoiosMatch12.4\(6\)xe2

ciscoiosMatch12.4\(6\)xe1

ciscoiosMatch12.4\(11\)xj

ciscoiosMatch12.4\(11\)xj1

ciscoiosMatch12.4\(11\)xj3

ciscoiosMatch12.4\(11\)xj6

ciscoiosMatch12.4\(11\)xj2

ciscoiosMatch12.4\(11\)xj5

ciscoiosMatch12.4\(11\)xj4

ciscoiosMatch12.4\(11\)xv

ciscoiosMatch12.4\(11\)xv1

ciscoiosMatch12.4\(11\)xw

ciscoiosMatch12.4\(11\)xw3

ciscoiosMatch12.4\(11\)xw7

ciscoiosMatch12.4\(11\)xw10

ciscoiosMatch12.4\(11\)xw8

ciscoiosMatch12.4\(11\)xw9

ciscoiosMatch12.4\(11\)xw6

ciscoiosMatch12.4\(11\)xw4

ciscoiosMatch12.4\(11\)xw1

ciscoiosMatch12.4\(11\)xw5

ciscoiosMatch12.4\(11\)xw2

ciscoiosMatch12.4\(15\)xy4

ciscoiosMatch12.4\(15\)xy5

ciscoiosMatch12.4\(15\)xy1

ciscoiosMatch12.4\(15\)xy

ciscoiosMatch12.4\(15\)xy2

ciscoiosMatch12.4\(15\)xy3

ciscoiosMatch12.4\(15\)xz

ciscoiosMatch12.4\(15\)xz2

ciscoiosMatch12.4\(15\)xz1

ciscoiosMatch12.4\(15\)xl3

ciscoiosMatch12.4\(15\)xl1

ciscoiosMatch12.4\(15\)xl2

ciscoiosMatch12.4\(15\)xl4

ciscoiosMatch12.4\(15\)xl5

ciscoiosMatch12.4\(15\)xl

ciscoiosMatch12.4\(15\)xm1

ciscoiosMatch12.4\(15\)xm2

ciscoiosMatch15.0\(1\)m1

ciscoiosMatch15.0\(1\)m5

ciscoiosMatch15.0\(1\)m4

ciscoiosMatch15.0\(1\)m3

ciscoiosMatch15.0\(1\)m2

ciscoiosMatch15.0\(1\)m6

ciscoiosMatch15.0\(1\)m

ciscoiosMatch15.0\(1\)xa2

ciscoiosMatch15.0\(1\)xa4

ciscoiosMatch15.0\(1\)xa1

ciscoiosMatch15.0\(1\)xa3

ciscoiosMatch15.0\(1\)xa

ciscoiosMatch15.0\(1\)xa5

ciscoiosMatch15.1\(2\)t

ciscoiosMatch15.1\(1\)t1

ciscoiosMatch15.1\(2\)t0a

ciscoiosMatch15.1\(1\)t3

ciscoiosMatch15.1\(2\)t3

ciscoiosMatch15.1\(1\)t2

ciscoiosMatch15.1\(3\)t

ciscoiosMatch15.1\(2\)t2a

ciscoiosMatch15.1\(3\)t1

ciscoiosMatch15.1\(1\)t

ciscoiosMatch15.1\(2\)t2

ciscoiosMatch15.1\(2\)t1

ciscoiosMatch15.1\(1\)xb

ciscoiosMatch15.1\(1\)xb3

ciscoiosMatch15.1\(1\)xb1

ciscoiosMatch15.1\(1\)xb2

ciscoiosMatch15.1\(4\)xb4

ciscoiosMatch15.0\(1\)s2

ciscoiosMatch15.0\(1\)s1

ciscoiosMatch15.0\(1\)s

ciscoiosMatch15.0\(1\)s4

ciscoiosMatch12.4\(20\)mrb

ciscoiosMatch12.4\(20\)mrb1

ciscoiosMatch15.1\(2\)s

ciscoiosMatch15.1\(1\)s

ciscoiosMatch15.1\(1\)s1

ciscoiosMatch15.1\(2\)s1

ciscoiosMatch15.1\(4\)m

ciscoiosMatch15.1\(4\)m0a

ciscoiosMatch15.1\(4\)m0b

ciscoiosMatch15.1\(2\)gc

ciscoiosMatch15.1\(2\)gc1

ciscoiosMatch12.4\(24\)ys3

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-sip

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.014

Percentile

86.2%

JSON

Related for CISCO-SA-20110928-SIP