CVE-2010-0585

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.1 through 12.4

Description The issue allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message. Devices running Cisco IOS Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The vulnerabilities are triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages.

Recommendations For Cisco IOS versions 12.1 through 12.4, update to a version that includes the software updates released by Cisco to address these vulnerabilities. As a temporary workaround, consider restricting the processing of SCCP messages to minimize the risk of exploitation.