CVE-2009-0636

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.0 through 12.4

Description A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software, allowing remote attackers to cause a reload of the Cisco IOS device via a valid SIP message. This can result in a denial of service (device crash).

Recommendations For Cisco IOS versions 12.0 through 12.4, update to a version that includes the software updates released by Cisco to address this vulnerability. As a temporary workaround, consider disabling SIP if the Cisco IOS device does not need to run SIP for VoIP services. Mitigation techniques are available to help limit exposure to the vulnerability.