CVE-2019-12654

Name of the Vulnerable Software and Affected Versions Cisco IOS and IOS XE Software (affected versions not specified)

Description A vulnerability in the common Session Initiation Protocol (SIP) library could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device, causing a NULL pointer dereference and resulting in a crash of the iosd process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.