CVE-2011-3275

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.4, 15.0, and 15.1 Cisco IOS XE versions 2.5.x through 3.2.x

Description A memory leak in the Session Initiation Protocol (SIP) implementation allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message. Multiple vulnerabilities exist in the SIP implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable.

Recommendations For Cisco IOS versions 12.4, 15.0, and 15.1, update to a version that includes the software updates released by Cisco to address these vulnerabilities. For Cisco IOS XE versions 2.5.x through 3.2.x, update to a version that includes the software updates released by Cisco to address these vulnerabilities. As a temporary workaround, consider disabling SIP processing on devices that do not require it to minimize the risk of exploitation. Restrict access to SIP messages to limit exposure to the vulnerabilities.