CVE-2009-0631

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.0 through 12.4

Description A vulnerability in Cisco IOS allows remote attackers to cause a denial of service via a crafted UDP packet when configured with certain features such as IP Service Level Agreements (SLAs) Responder, Session Initiation Protocol (SIP), H.323 Annex E Call Signaling Transport, or Media Gateway Control Protocol (MGCP). This results in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked, and transit traffic will not block the interface.

Recommendations For Cisco IOS versions 12.0 through 12.4, update to a version that includes the software updates released by Cisco to address this vulnerability. As a temporary workaround, consider disabling the affected features such as IP SLAs Responder, SIP, H.323 Annex E Call Signaling Transport, or MGCP until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using crafted UDP packets destined for the device until the issue is resolved.