Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ios_xe | Cisco | 3.8.0s (including) | 3.8.0s (including) |
| Ios_xe | Cisco | 3.8.1s (including) | 3.8.1s (including) |
| Ios_xe | Cisco | 3.8.2s (including) | 3.8.2s (including) |
| Ios_xe | Cisco | 3.9.0as (including) | 3.9.0as (including) |
| Ios_xe | Cisco | 3.9.0s (including) | 3.9.0s (including) |
| Ios_xe | Cisco | 3.9.1as (including) | 3.9.1as (including) |
| Ios_xe | Cisco | 3.9.1s (including) | 3.9.1s (including) |
| Ios_xe | Cisco | 3.9.2s (including) | 3.9.2s (including) |
| Ios_xe | Cisco | 3.10.0s (including) | 3.10.0s (including) |
| Ios_xe | Cisco | 3.10.1s (including) | 3.10.1s (including) |
| Ios_xe | Cisco | 3.10.1xbs (including) | 3.10.1xbs (including) |
| Ios_xe | Cisco | 3.10.2s (including) | 3.10.2s (including) |
| Ios_xe | Cisco | 3.11.0s (including) | 3.11.0s (including) |
| Thinkcentre_e75s_firmware | Lenovo | * | m16kt61a (excluding) |
| X14j_firmware | Samsung | t-ms14jakucb-1102.5 (including) | t-ms14jakucb-1102.5 (including) |
| Opensolaris | Sun | snv_124 (including) | snv_124 (including) |
| Gs1900-10hp_firmware | Zyxel | * | 2.50(aazi.0)c0 (excluding) |
| Keymouse_firmware | Zzinc | 3.08 (including) | 3.08 (including) |
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip
- http://www.securityfocus.com/bid/85372
- http://www.securitytracker.com/id/1035420
- http://www.securitytracker.com/id/1035421
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip
- http://www.securityfocus.com/bid/85372
- http://www.securitytracker.com/id/1035420
- http://www.securitytracker.com/id/1035421