Executive Summary
Summary | |
---|---|
Title | Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities |
Informations | |||
---|---|---|---|
Name | cisco-sa-20080924-sip | First vendor Publication | 2008-07-22 |
Vendor | Cisco | Last vendor Modification | 2008-09-24 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the IOS device. Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory. There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services. |
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0 (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-772 | Missing Release of Resource after Effective Lifetime |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5889 | |||
Oval ID: | oval:org.mitre.oval:def:5889 | ||
Title: | Cisco IOS Session Initiation Protocol Denial of Service Vulnerability | ||
Description: | Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Cisco bug ID CSCsk42759, a different vulnerability than CVE-2008-3800 and CVE-2008-3801. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-3802 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5927 | |||
Oval ID: | oval:org.mitre.oval:def:5927 | ||
Title: | Cisco IOS Session Initiation Protocol Denial of Service Vulnerability | ||
Description: | Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-3799 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6047 | |||
Oval ID: | oval:org.mitre.oval:def:6047 | ||
Title: | Cisco IOS Session Initiation Protocol Denial of Service Vulnerability | ||
Description: | Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-3801 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6086 | |||
Oval ID: | oval:org.mitre.oval:def:6086 | ||
Title: | Cisco IOS Session Initiation Protocol Denial of Service Vulnerability | ||
Description: | Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-3800 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
48716 | Cisco IOS SIP Packet Handling Unspecified Remote DoS (3802) |
48715 | Cisco IOS / CUCM SIP Packet Handling Unspecified Remote DoS (3801) |
48714 | Cisco IOS / CUCM SIP Packet Handling Unspecified Remote DoS (3800) |
48713 | Cisco IOS SIP Packet Handling Memory Exhaustion Remote DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080924-siphttp.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:21:54 |
|