CVE-2009-2867

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2XNA through 12.2XND Cisco IOS versions 12.4T Cisco IOS versions 12.4XZ Cisco IOS versions 12.4YA

Description The issue allows remote attackers to cause a denial of service (device reload) via a crafted SIP transit packet when Zone-Based Policy Firewall SIP Inspection is enabled. Exploitation of the issue could result in a reload of the affected device.

Recommendations For Cisco IOS versions 12.2XNA through 12.2XND, update to a version that includes the fix for this issue. For Cisco IOS versions 12.4T, update to a version that includes the fix for this issue. For Cisco IOS versions 12.4XZ, update to a version that includes the fix for this issue. For Cisco IOS versions 12.4YA, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the SIP inspection feature in the Zone-Based Policy Firewall until a patch is available.