CVE-2014-3360

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.4 and 15.0 through 15.4 Cisco IOS XE versions 3.1.xS through 3.7.xS before 3.7.6S Cisco IOS XE versions 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S Cisco IOS XE version 3.11.xS before 3.12S

Description A vulnerability in the Session Initiation Protocol (SIP) implementation could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this issue, affected devices must be configured to process SIP messages.

Recommendations For Cisco IOS versions 12.4 and 15.0 through 15.4, update to a fixed version. For Cisco IOS XE versions 3.1.xS through 3.7.xS, update to version 3.7.6S or later. For Cisco IOS XE versions 3.8.xS, 3.9.xS, and 3.10.xS, update to version 3.10.1S or later. For Cisco IOS XE version 3.11.xS, update to version 3.12S or later. As a temporary workaround, consider disabling SIP processing on devices where it is not necessary to minimize the risk of exploitation.