SIP Packets Reload IOS Devices with support for SIP

high Nessus Plugin ID 48999

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Cisco devices running an affected version of Internetwork Operating System (IOS) that supports Session Initiation Protocol (SIP) are affected by a vulnerability that may cause the device to reload when it receives a specific series of packets destined to port 5060. This issue is compounded by a related bug that allows traffic to TCP port 5060 and UDP port 5060 on devices not configured for SIP.
There are no known instances of intentional exploitation of this issue.
However, Cisco has observed data streams that appear to be unintentionally triggering the vulnerability.
Workarounds exist to mitigate the effects of this problem on devices that do not require SIP.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20070131-sip.

See Also

http://www.nessus.org/u?063af0ee

http://www.nessus.org/u?4dfc145d

Plugin Details

Severity: High

ID: 48999

File Name: cisco-sa-20070131-siphttp.nasl

Version: 1.17

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/31/2007

Vulnerability Publication Date: 1/31/2007

Reference Information

CVE: CVE-2007-0648

BID: 22330

CERT: 438176

CISCO-SA: cisco-sa-20070131-sip

CISCO-BUG-ID: CSCsb25337, CSCsh58082