Published: 23/09/2010 Updated: 24/09/2010
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Cisco IOS 12.2 up to and including 12.4 and 15.0 up to and including 15.1, Cisco IOS XE 2.5.x and 2.6.x prior to 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x prior to 6.1(5)SU1, 7.x prior to 7.1(5), and 8.0 prior to 8.0(2) allow remote malicious users to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.

Affected Products

Vendor | Product | Versions
Cisco | Unified Communications Manager | 6.0, 6.0(1.2114.1), 6.0(1.2121.1), 6.0(1b), 6.1(1), 6.1(1a), 6.1(1b), 6.1(2), 6.1(2)su1, 6.1(2)su1a, 6.1(3), 6.1(3a), 6.1(3b), 6.1(3b)su1, 6.1(4), 6.1(4)su1, 6.1(4a), 6.1(4a)su2, 6.1(5), 7.0, 7.0(1), 7.0(1)su1, 7.0(1)su1a, 7.0(2), 7.0(2a), 7.0(2a)su1, 7.0(2a)su2, 7.1(2a), 7.1(2a)su1, 7.1(2b), 7.1(2b)su1, 7.1(3), 7.1(3a), 7.1(3a)su1, 7.1(3a)su1a, 7.1(3b), 7.1(3b)su1, 7.1(3b)su2, 8.0, 8.0(1)
Cisco | IOS | 12.1, 12.1t, 12.1xi, 12.1xj, 12.1xl, 12.1xm, 12.1xp, 12.1xq, 12.1xr, 12.1xs, 12.1xt, 12.1xu, 12.1xv, 12.1xy, 12.1ya, 12.1yb, 12.1yc, 12.1yd, 12.1ye, 12.1yf, 12.1yh, 12.1yi, 12.2b, 12.2bw, 12.2bx, 12.2by, 12.2cz, 12.2dd, 12.2dx, 12.2ex, 12.2ira, 12.2irb, 12.2irc, 12.2ird, 12.2ire, 12.2ixa, 12.2ixb, 12.2ixc, 12.2ixd, 12.2ixe, 12.2ixf, 12.2ixg, 12.2ixh, 12.2mra, 12.2mrb, 12.2sbc, 12.2sca, 12.2scb, 12.2scc, 12.2scd, 12.2sg, 12.2sra, 12.2srb, 12.2sre, 12.2su, 12.2sv, 12.2sxa, 12.2sxb, 12.2sxd, 12.2sxe, 12.2sxf, 12.2sy, 12.2sz, 12.2t, 12.2tpc, 12.2xa, 12.2xb, 12.2xc, 12.2xd, 12.2xg, 12.2xh, 12.2xi, 12.2xj, 12.2xk, 12.2xl, 12.2xm, 12.2xn, 12.2xq, 12.2xs, 12.2xt, 12.2xu, 12.2xv, 12.2xw, 12.2ya, 12.2yb, 12.2yc, 12.2yd, 12.2ye, 12.2yf, 12.2yh, 12.2yj, 12.2yk, 12.2yl, 12.2ym, 12.2yn, 12.2yt, 12.2yu, 12.2yv, 12.2yw, 12.2yx, 12.2yy, 12.2yz, 12.2zc, 12.2zd, 12.2ze, 12.2zf, 12.2zh, 12.2zj, 12.2zl, 12.2zp, 12.2zu, 12.2zy, 12.2zya, 12.3, 12.3b, 12.3t, 12.3tpc, 12.3va, 12.3xa, 12.3xb, 12.3xc, 12.3xd, 12.3xe, 12.3xf, 12.3xg, 12.3xi, 12.3xj, 12.3xk, 12.3xl, 12.3xq, 12.3xr, 12.3xs, 12.3xu, 12.3xw, 12.3xx, 12.3xy, 12.3xz, 12.3ya, 12.3yd, 12.3yf, 12.3yg, 12.3yh, 12.3yi, 12.3yj, 12.3yk, 12.3ym, 12.3yq, 12.3ys, 12.3yt, 12.3yu, 12.3yx, 12.3yz, 12.3za, 12.4, 12.4gc, 12.4md, 12.4mda, 12.4mr, 12.4mra, 12.4sw, 12.4t, 12.4xa, 12.4xb, 12.4xc, 12.4xd, 12.4xe, 12.4xf, 12.4xg, 12.4xj, 12.4xk, 12.4xl, 12.4xm, 12.4xn, 12.4xp, 12.4xq, 12.4xr, 12.4xt, 12.4xv, 12.4xw, 12.4xy, 12.4xz, 12.4ya, 12.4yb, 12.4yd, 12.4ye, 12.4yg, 15.0m, 15.0s, 15.0xa, 15.1t, 15.1xb
Cisco | IOS XE | 2.5.0, 2.5.1, 2.6.0, 2.6.1

Vendor Advisories

Cisco Unified Communications Manager contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of voice services. To address these vulnerabilities, Cisco has released free software updates. There is a wor ...
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS® Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Cisco has released software updates that address these vulnerabilities. There are no workarounds for devices that ...