PT-2003-1001 · Cisco · Cisco IOS +2

Published: 2003-12-31 · Updated: 2018-10-30 · CVE-2003-1109

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Cisco IP Phone versions 7940 and 7960
Cisco IOS versions in the 12.2 train
Cisco Secure PIX versions 5.2.9 through 6.2.2

Description

The Session Initiation Protocol (SIP) implementation in various Cisco products contains a flaw that allows remote attackers to cause a denial of service and possibly execute arbitrary code by sending specially crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

Recommendations

For Cisco IP Phone versions 7940 and 7960, consider disabling SIP protocol support until a patch is available.
For Cisco IOS versions in the 12.2 train, restrict access to the SIP implementation to minimize the risk of exploitation.
For Cisco Secure PIX versions 5.2.9 through 6.2.2, avoid using the SIP protocol in the affected versions until the issue is resolved.


Related Identifiers

BDU:2015-00183
CVE-2003-1109

Affected Products

Cisco IOS
Cisco IP Phone
Cisco Secure PIX