Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities (cisco-sa-20100324-sip)

Critical | Nessus Plugin ID 49054

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible. Cisco has released free software updates that address these vulnerabilities. For devices that must run SIP, there are no workarounds; however, mitigations are available to limit exposure to the vulnerabilities.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20100324-sip.

See Also

http://www.nessus.org/u?0566c9c4

Plugin Details

Severity: Critical

ID: 49054

File Name: cisco-sa-20100324-siphttp.nasl

Version: 1.21

Type: combined

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Patch Publication Date: 9/21/2012

Vulnerability Publication Date: 3/24/2010

Reference Information

CVE: CVE-2010-0579, CVE-2010-0580, CVE-2010-0581