This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
Cisco devices running an affected version of Internetwork Operating
System (IOS) which supports Session Initiation Protocol (SIP) are
affected by a vulnerability that may lead to a reload of the device
when receiving a specific series of packets destined to port 5060. This
issue is compounded by a related bug which allows traffic to TCP 5060
and UDP port 5060 on devices not configured for SIP.
There are no known instances of intentional exploitation of this issue.
However, Cisco has observed data streams that appear to be
unintentionally triggering the vulnerability.
Workarounds exist to mitigate the effects of this problem on devices
which do not require SIP.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true
Nessus Plugin ID: 48999 (cisco-sa-20070131-siphttp.nasl)
Bugtraq ID: 22330
CVE ID: CVE-2007-0648
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.