CVE-2010-0579

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.3 through 12.4

Description The SIP implementation in Cisco IOS allows remote attackers to cause a denial of service via a malformed SIP message. Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible.

Recommendations For devices running Cisco IOS versions 12.3 through 12.4, update to a newer version that addresses these vulnerabilities. For devices that must run SIP, there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities. As a temporary workaround, consider disabling SIP operation until a patch is available. Restrict access to SIP to minimize the risk of exploitation.