PT-2010-2337 · Cisco · Cisco IOS

Published 2010-03-24 · Updated 2010-04-13 · CVE-2010-0580

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS versions 12.3 through 12.4

Description

The issue is related to an unspecified vulnerability in the SIP implementation, allowing remote attackers to execute arbitrary code via a malformed SIP message. Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible.

Recommendations

For Cisco IOS versions 12.3 through 12.4, update to a version that addresses these vulnerabilities, as software updates have been released by Cisco. For devices that must run SIP, there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities. As a temporary workaround, consider disabling SIP operation until a patch is available. Restrict access to SIP functionality to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2010-0580

Affected Products

Cisco IOS