How to Buy
This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP)
implementation in Cisco IOS that can be exploited remotely to trigger a
memory leak or to cause a reload of the IOS device.
Cisco has released free software updates that address these
vulnerabilities. Fixed Cisco IOS software listed in the Software
Versions and Fixes section contains fixes for all vulnerabilities
addressed in this advisory.
There are no workarounds available to mitigate the effects of any of
the vulnerabilities apart from disabling the protocol or feature
itself, if administrators do not require the Cisco IOS device to
provide voice over IP services.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true
Nessus Plugin ID: 49025 (cisco-sa-20080924-siphttp.nasl)
Bugtraq ID: 31361
CVE ID: CVE-2008-3799CVE-2008-3800CVE-2008-3801CVE-2008-3802
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.