CVE-2009-2051

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 through 12.4 and 15.0 through 15.1 Cisco IOS XE versions 2.5.x and 2.6.x before 2.6.1 Cisco Unified Communications Manager versions 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2)

Description Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. The issue is triggered by a malformed SIP INVITE message that causes an improper call to the sipSafeStrlen function.

Recommendations For Cisco IOS versions 12.2 through 12.4 and 15.0 through 15.1, update to a fixed version. For Cisco IOS XE versions 2.5.x and 2.6.x before 2.6.1, update to version 2.6.1 or later. For Cisco Unified Communications Manager versions 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2), update to the respective fixed versions, 5.1(3g), 6.1(4), or 7.1(2). As a temporary workaround, consider disabling SIP operation on affected devices until a patch is available. Restrict access to SIP to minimize the risk of exploitation.