85816 : Cisco IOS / Unified Communications Manager (CUCM) Malformed SIP Message SDP Message Parsing Remote DoS
http://osvdb.org/85816

Timeline

Disclosure Date
2012-09-27

Description

Cisco IOS and Unified Communications Manager (CUCM) contain a flaw that may allow a remote denial of service. The issue is triggered during the processing of a malformed Session Initiation Protocol (SIP) message that contains a valid Session Description Protocol (SDP) message. By sending such a specially crafted SIP packet, a remote attacker can cause a loss of availability for the program.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Voice over IP

Solution

Upgrade to the version specified by the vendor or higher, as it has been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the workaround described in the vendor advisory.

Products

Cisco Systems, Inc.
Cisco IOS
12.2B
12.2BX
12.2CZ
12.2MC
12.2T
12.2YC
12.2YT
12.2ZC
12.2ZD
12.2ZJ
12.2ZP
12.3JK
12.3TPC
12.3XA
12.3XB
12.3XC
12.3XD
12.3XE
12.3XF
12.3XG
12.3XI
12.3XJ
12.3XK
12.3XL
12.3XQ
12.3XR
12.3XU
12.3XW
12.3XX
12.3XY
12.3XZ
12.3YF
12.3YG
12.3YK
12.3YM
12.3YQ
12.3YS
12.3YT
12.3YU
12.3YX
12.3YZ
12.4GC
12.4MR
12.4MRA
12.4MRB
12.4(15)T17
12.4(24)T7
12.4XA
12.4XB
12.4XC
12.4XD
12.4XE
12.4XG
12.4XJ
12.4XL
12.4XM
12.4XP
12.4XT
12.4XV
12.4XW
12.4XY
12.4XZ
12.4YA
12.4YB
15.0M
15.0XA
15.1GC
15.1SV
15.1T
15.1XB
15.2(1)T3
15.2(2)T2
15.2(3)T
Unified Communications Manager
7.1(5)
8.0(3)
6.1(1)
6.1(1a)
6.1(2)
6.1(3)
6.1(4)
6.1(5)
6.0(1b)
6.1(3a)
6.1(3b)
6.1(4a)
6.1(4b)
7.1(5b)su4
7.1(5b)su3
7.1(5b)su2
7.1(5b)su1a
7.1(5b)su1
7.1(5b)
7.1(5a)
7.1(3b)
7.1(3a)
7.1(3)
7.1(2b)
7.1(2a)
7.1(2)
7.1(1)
8.5(1)su3
8.5(1)su2
8.5(1)su1
8.0(3a)
8.0(2c)
8.0(2b)
8.0(2a)
8.0(2)
8.0(1)
8.0
6.0(1a)
IOS XE
2.1.x
2.2.x
2.3.x
2.4.x
2.5.x
2.6.x
3.1.xS
3.1.xSG
3.2.xSG
3.2.xXO
3.3.xS
3.4.xS
3.5.xS

CVSSv2 Score

CVSSv2 Base Score = 7.8
Source: nvd.nist.gov | Generated: 2012-09-27

© Copyright 2002 - 2013 Open Source Vulnerability Database (OSVDB), All Rights Reserved.