CVE-2016-1350

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.3 and 15.4 Cisco IOS XE versions 3.8 through 3.11 Cisco Unified Communications Manager (affected versions not specified)

Description The issue is related to improper processing of malformed SIP messages, which could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of an affected device. The vulnerability is due to errors in resource management. An attacker could exploit this vulnerability by sending malformed SIP messages to be processed by an affected device.

Recommendations For Cisco IOS versions 15.3 and 15.4, update to a newer version that addresses this vulnerability. For Cisco IOS XE versions 3.8 through 3.11, update to a newer version that addresses this vulnerability. For Cisco Unified Communications Manager, update to a newer version that addresses this vulnerability. As a temporary workaround, consider disabling SIP on the vulnerable device until a patch is available.