CVE-2013-1166

Name of the Vulnerable Software and Affected Versions Cisco IOS XE versions 3.2 through 3.4 before 3.4.5S Cisco IOS XE versions 3.5 through 3.7 before 3.7.1S

Description The issue allows remote attackers to cause a denial of service (card reload) by sending many SIP packets when VRF-aware NAT and SIP ALG are enabled. Successful exploitation could trigger a reload of the Embedded Services Processors (ESP) card or the Route Processor (RP) card, causing an interruption of services. Repeated exploitation could result in a sustained DoS condition.

Recommendations For Cisco IOS XE versions 3.2 through 3.4 before 3.4.5S, update to version 3.4.5S or later. For Cisco IOS XE versions 3.5 through 3.7 before 3.7.1S, update to version 3.7.1S or later. As a temporary workaround, consider disabling the SIP ALG feature until a patch is available. Restrict access to the vulnerable SIP traffic to minimize the risk of exploitation.