CVE-2011-2072

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.4, 15.0, and 15.1 Cisco IOS XE versions 2.5.x through 3.2.x Cisco Unified Communications Manager (CUCM) versions 6.x and 7.x before 7.1(5b)su4 Cisco Unified Communications Manager (CUCM) versions 8.x before 8.5(1)su2 Cisco Unified Communications Manager (CUCM) versions 8.6 before 8.6(1)

Description A memory leak in the Session Initiation Protocol (SIP) implementation allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message. The vulnerability can be exploited if the affected device is configured to process SIP messages.

Recommendations For Cisco IOS versions 12.4, 15.0, and 15.1, update to a fixed version of Cisco IOS Software. For Cisco IOS XE versions 2.5.x through 3.2.x, update to a fixed version of Cisco IOS XE Software. For Cisco Unified Communications Manager (CUCM) versions 6.x and 7.x, update to version 7.1(5b)su4 or later. For Cisco Unified Communications Manager (CUCM) versions 8.x, update to version 8.5(1)su2 or later. For Cisco Unified Communications Manager (CUCM) versions 8.6, update to version 8.6(1) or later. As a temporary workaround, consider restricting SIP message processing on affected devices to minimize the risk of exploitation.