Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities

This script is (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP)
implementation in Cisco IOS that can be exploited remotely to trigger a
memory leak or to cause a reload of the IOS device.
Cisco has released free software updates that address these
vulnerabilities. Fixed Cisco IOS software listed in the Software
Versions and Fixes section contains fixes for all vulnerabilities
addressed in this advisory.
There are no workarounds available to mitigate the effects of any of
the vulnerabilities apart from disabling the protocol or feature
itself, if administrators do not require the Cisco IOS device to
provide voice over IP services.

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49025 (cisco-sa-20080924-siphttp.nasl)

Bugtraq ID: 31361

CVE ID: CVE-2008-3799

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now