CVE-2014-2106

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.3M before 15.3(3)M2 Cisco IOS XE versions 3.10.xS before 3.10.2S

Description A vulnerability in the Session Initiation Protocol (SIP) implementation allows an unauthenticated, remote attacker to cause a reload of an affected device via crafted SIP messages. Affected devices must be configured to process SIP messages to be exploited. The estimated number of potentially affected devices is not specified.

Recommendations For Cisco IOS versions 15.3M before 15.3(3)M2, update to version 15.3(3)M2 or later. For Cisco IOS XE versions 3.10.xS before 3.10.2S, update to version 3.10.2S or later. As a temporary workaround, consider disabling SIP processing on affected devices until a patch is available. Mitigations are available to limit exposure to this vulnerability, such as restricting access to SIP messages.