CVE-2011-0939

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.4, 15.0, and 15.1 Cisco IOS XE versions 2.5.x through 3.2.x

Description The issue is related to multiple errors in the implementation of the Session Initiation Protocol (SIP) in Cisco IOS and Cisco IOS XE Software. An unauthenticated, remote attacker can cause a reload of an affected device or trigger memory leaks that may result in system instabilities by sending specially crafted SIP messages. The affected devices must be configured to process SIP messages for these vulnerabilities to be exploitable.

Recommendations For Cisco IOS versions 12.4, 15.0, and 15.1, update to a version that includes the fix for the SIP vulnerabilities. For Cisco IOS XE versions 2.5.x through 3.2.x, update to a version that includes the fix for the SIP vulnerabilities. As a temporary workaround, consider disabling SIP processing on devices that do not require it, or apply mitigations to limit exposure to the vulnerabilities.