SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#438176

Cisco IOS fails to properly handle Session Initiated Protocol packets

Overview

Cisco devices that run IOS and support voice traffic fail to properly handle Session Initiated Protocol packets. Exploitation of this vulnerability may result in a denial-of-service condition.

I. Description

Cisco IOS is an operating system that is used on Cisco network devices. According to Cisco, "Session Initiation Protocol (SIP) is the Internet Engineering Task Force's (IETF's) standard for multimedia conferencing over IP. SIP is an ASCII-based, application-layer control protocol (defined in RFC 2543) that can be used to establish, maintain, and terminate calls between two or more end points." SIP typically operates on ports 5060/udp and 5060/tcp.

Cisco devices that run IOS and support voice traffic may have SIP enabled by default but not properly configured. Cisco devices with this configuration contain an unspecified vulnerability that may cause the device to reboot when a SIP packet is processed.

For more information, including a list of affected products and versions of IOS refer to Cisco Security Advisory: cisco-sa-20070131-sip.

II. Impact

A remote, unauthenticated attacker with the ability to send a specially crafted packet to an affected Cisco device may be able to cause that device to reboot. Sustained exploitation of this vulnerability may result in a denial-of-service. Because devices running IOS may transit traffic for a number of other networks, the secondary impacts of a denial of service may be severe.

III. Solution

Upgrade to an unaffected version of IOS

See the Software Version and Fixes section of Cisco Security Advisory: cisco-sa-20070131-sip for information on available upgrades.

Turn off SIP processing

Disabling SIP if it is not needed will prevent this vulnerability from being exploited. For instructions on how to turn off SIP processing, refer to the Workarounds section of Cisco Security Advisory cisco-sa-20070131-sip.

Restrict Access

Cisco does not have any examples of a properly configured SIP router being affected by this vulnerability. If you do not need SIP processed on your router, you can also restrict public access to SIP (udp 5060 and TCP 5060) on your router from the edge of your network.

Other workarounds and mitigation strategies can be found in the Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the SIP Packet Reloads IOS Devices Not Configured for SIP Vulnerability document.

Systems Affected

VendorStatusDate NotifiedDate Updated
Cisco Systems, Inc.Vulnerable31-Jan-2007

References


http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml
http://www.cisco.com/en/US/products/products_security_response09186a00807d36f5.html
http://secunia.com/advisories/23978/
http://www.cisco.com/univercd/cc/td/doc/product/voice/sipsols/biggulp/bgsipov.htm
http://tools.ietf.org/html/rfc2543
http://securitytracker.com/alerts/2007/Jan/1017575.html
http://www.securityfocus.com/bid/22330

Credit

This vulnerability was reported in Cisco Security Advisory: cisco-sa-20070131-sip.

This document was written by Jeff Gennari based on information from Cisco.

Other Information

Date Public:2007-01-31
Date First Published:2007-01-31
Date Last Updated:2007-02-08
CERT Advisory: 
CVE-ID(s):CVE-2007-0648
NVD-ID(s):CVE-2007-0648
US-CERT Technical Alerts: 
Metric:33.08
Document Revision:18

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader