Multiple Product Vulnerabilities Found by PROTOS SIP Test Suite - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

Multiple Cisco products contain vulnerabilities in the processing of
Session Initiation Protocol (SIP) INVITE messages. These
vulnerabilities were identified by the University of Oulu Secure
Programming Group (OUSPG) "PROTOS" Test Suite for SIP and can be
repeatedly exploited to produce a denial of service.

See also :

https://www.ee.oulu.fi/research/ouspg/PROTOS_Test-Suite_c07-sip
http://www.nessus.org/u?d6cc6d97
http://www.nessus.org/u?089e2d67

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20030221-protos.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 48969 (cisco-sa-20030221-protoshttp.nasl)

Bugtraq ID: 6904

CVE ID: CVE-2003-1109