Vulnerability Note VU#438176
Cisco IOS fails to properly handle Session Initiated Protocol packets
Cisco devices that run IOS and support voice traffic fail to properly handle Session Initiated Protocol packets. Exploitation of this vulnerability may result in a denial-of-service condition.
Cisco IOS is an operating system that is used on Cisco network devices. According to Cisco, "Session Initiation Protocol (SIP) is the Internet Engineering Task Force's (IETF's) standard for multimedia conferencing over IP. SIP is an ASCII-based, application-layer control protocol (defined in RFC 2543) that can be used to establish, maintain, and terminate calls between two or more end points." SIP typically operates on ports 5060/udp and 5060/tcp.
Cisco devices that run IOS and support voice traffic may have SIP enabled by default but not properly configured. Cisco devices with this configuration contain an unspecified vulnerability that may cause the device to reboot when a SIP packet is processed.
A remote, unauthenticated attacker with the ability to send a specially crafted packet to an affected Cisco device may be able to cause that device to reboot. Sustained exploitation of this vulnerability may result in a denial-of-service. Because devices running IOS may transit traffic for a number of other networks, the secondary impacts of a denial of service may be severe.
Turn off SIP processing
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems, Inc.||Affected||-||31 Jan 2007|
CVSS Metrics (Learn More)
This vulnerability was reported in Cisco Security Advisory: cisco-sa-20070131-sip.
This document was written by Jeff Gennari based on information from Cisco.
- CVE IDs: CVE-2007-0648
- Date Public: 31 Jan 2007
- Date First Published: 31 Jan 2007
- Date Last Updated: 08 Feb 2007
- Severity Metric: 33.08
- Document Revision: 18
If you have feedback, comments, or additional information about this vulnerability, please send us email.