CVE-2007-4294

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions 5.0 through 6.0 Cisco IOS versions 12.0 through 12.4

Description The issue allows remote attackers to execute arbitrary code via a malformed SIP packet. Multiple voice-related vulnerabilities are identified in Cisco IOS software and Cisco Unified Communications Manager, pertaining to protocols or features such as Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP), H.323, H.254, Real-time Transport Protocol (RTP), and facsimile reception.

Recommendations For Cisco Unified Communications Manager versions 5.0 through 6.0, update to a fixed version of the software. For Cisco IOS versions 12.0 through 12.4, update to a fixed version of the software. As a temporary workaround, consider disabling the affected protocols or features, such as SIP, MGCP, H.323, H.254, RTP, and facsimile reception, until a patch is available.