Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco IOS and Cisco IOS XE Session Initiation Protocol DoS Vulnerability -CSCul46586

A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device.


 The vulnerability is due to incorrect processing of specific SIP messages. An attacker could exploit this vulnerability by sending a crafted SIP message on an established call or initiating a call that includes the crafted SIP message, which would trigger a device reload. Only traffic destined to the device can trigger the vulnerability; transit SIP traffic is not an exploit vector. This vulnerability can be exploited with SIP over IP version 4 (IPv4) or IP version 6 (IPv6) communications protocol. This vulnerability can be exploited with SIP over UDP traffic or SIP over TCP traffic.


Question: Does this vulnerability also apply to SIP-TLS sessions?

Everyone's tags (1)
CreatePlease to create content