PT-2014-1319 · Cisco · Cisco Ios Xe+1

Publicado

2014-03-26

Atualizado

2014-03-28

CVE-2014-2106

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.3M before 15.3(3)M2 Cisco IOS XE versions 3.10.xS before 3.10.2S

Description A vulnerability in the Session Initiation Protocol (SIP) implementation allows an unauthenticated, remote attacker to cause a reload of an affected device via crafted SIP messages. Affected devices must be configured to process SIP messages to be exploited. The estimated number of potentially affected devices is not specified.

Recommendations For Cisco IOS versions 15.3M before 15.3(3)M2, update to version 15.3(3)M2 or later. For Cisco IOS XE versions 3.10.xS before 3.10.2S, update to version 3.10.2S or later. As a temporary workaround, consider disabling SIP processing on affected devices until a patch is available. Mitigations are available to limit exposure to this vulnerability, such as restricting access to SIP messages.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2015-00166

CVE-2014-2106

Produtos afetados

Cisco Ios

Cisco Ios Xe

PT-2014-1319 · Cisco · Cisco Ios Xe+1

CVE-2014-2106

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6