CERT-In Vulnerability Note
CIVN-2011-0177
Cisco IOS Software and Cisco Unified Communications Manager Session Initiation Protocol Packet Processing Memory Leak Vulnerability
Original Issue Date:November 11, 2011
Severity Rating: HIGH
Systems Affected
- Cisco Unified Communications Manager 6.x
- Cisco Unified Communications Manager 7.x
- Cisco Unified Communications Manager 8.x
Overview
A vulnerability has been reported in Cisco IOS Software and Cisco Unified Communications Manager that could allow a remote attacker to cause a denial of service condition on a targeted system.
Description
The vulnerability exists because of errors in processing malformed Session Initiation Protocol (SIP) packets. A remote attacker could exploit this vulnerability by sending malicious network requests to the targeted system to cause a DoS condition.
Solution
Apply appropriate fixed versions as mentioned in CISCO Security Advisory
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti75128
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtj09179
Vendor Information
Cisco
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti75128
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtj09179
References
Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=24525
CVE Name
CVE-2011-0941
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
|