CVE-2008-3799

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 through 12.4

Description A memory leak in the Session Initiation Protocol (SIP) implementation allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages. Multiple vulnerabilities exist in the SIP implementation that can be exploited remotely to trigger a memory leak or to cause a reload of the IOS device.

Recommendations For Cisco IOS versions 12.2 through 12.4, update to a fixed version of Cisco IOS software that contains fixes for all vulnerabilities addressed in this advisory. As a temporary workaround, consider disabling the SIP protocol or feature itself if administrators do not require the Cisco IOS device to provide voice over IP services.