CVE-2010-2834

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 through 12.4 and 15.0 through 15.1 Cisco IOS XE versions 2.5.x and 2.6.x before 2.6.1 Cisco Unified Communications Manager versions 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2)

Description Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. The issue can be triggered via crafted SIP registration traffic over UDP.

Recommendations For Cisco IOS versions 12.2 through 12.4 and 15.0 through 15.1, update to a fixed version to address the vulnerabilities. For Cisco IOS XE versions 2.5.x and 2.6.x before 2.6.1, update to version 2.6.1 or later. For Cisco Unified Communications Manager versions 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2), update to the respective fixed versions, 6.1(5)SU1, 7.1(5), or 8.0(2), to mitigate the issue. As a temporary workaround, consider disabling SIP operation on affected devices until a patch is available. Restrict access to SIP registration traffic over UDP to minimize the risk of exploitation.