Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability (cisco-sa-20130327-cce)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS Software contains a memory leak vulnerability that could be
triggered through the processing of malformed Session Initiation
Protocol (SIP) messages. Exploitation of this vulnerability could
cause an interruption of services. Only devices that are configured
for SIP inspection are affected by this vulnerability. Cisco has
released free software updates that address this vulnerability. There
are no workarounds for devices that must run SIP inspection.

See also :

http://www.nessus.org/u?3171f46f

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20130327-cce.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 65885 ()

Bugtraq ID: 58741

CVE ID: CVE-2013-1145