Cisco IOS SIP Message (CVE-2010-0580) Denial of Service Vulnerability

Bugtraq ID:	38929
Class:	Design Error
CVE:	CVE-2010-0580
Remote:	Yes
Local:	No
Published:	Mar 24 2010 12:00AM
Updated:	Mar 30 2010 04:52PM
Credit:	Cisco
Vulnerable:	Cisco IOS 12.4YG Cisco IOS 12.4YE Cisco IOS 12.4YB Cisco IOS 12.4YA Cisco IOS 12.4XT Cisco IOS 12.4XR Cisco IOS 12.4XP Cisco IOS 12.4XD Cisco IOS 12.4XB Cisco IOS 12.4XA Cisco IOS 12.4T Cisco IOS 12.4SW Cisco IOS 12.4MR Cisco IOS 12.4MD Cisco IOS 12.4GC Cisco IOS 12.4 Cisco IOS 12.3ZA Cisco IOS 12.3YZ Cisco IOS 12.3YX Cisco IOS 12.3YU Cisco IOS 12.3YT Cisco IOS 12.3YS Cisco IOS 12.3YQ Cisco IOS 12.3YM Cisco IOS 12.3YK Cisco IOS 12.3YG Cisco IOS 12.3YF Cisco IOS 12.3XY Cisco IOS 12.3XX Cisco IOS 12.3XW Cisco IOS 12.3XU Cisco IOS 12.3XR Cisco IOS 12.3XQ Cisco IOS 12.3XL Cisco IOS 12.3XK Cisco IOS 12.3XJ Cisco IOS 12.3XI Cisco IOS 12.3XG Cisco IOS 12.3XF Cisco IOS 12.3XD Cisco IOS 12.3T Cisco IOS 12.3JK
Not Vulnerable:	Cisco IOS 15.0M Cisco IOS 15.0(1)M1 Cisco IOS 12.4XN Cisco IOS 12.4(9)MR Cisco IOS 12.4(25c) Cisco IOS 12.4(24)YE Cisco IOS 12.4(24)T3 Cisco IOS 12.4(24)T2 Cisco IOS 12.4(24)MD Cisco IOS 12.4(22)YE2 Cisco IOS 12.4(22)YB5 Cisco IOS 12.4(22)XR3 Cisco IOS 12.4(22)T3 Cisco IOS 12.4(22)MDA2 Cisco IOS 12.3(11)YK3

Cisco IOS SIP Message (CVE-2010-0580) Denial of Service Vulnerability

Cisco IOS is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected device to crash and reload, denying service to legitimate users.

This issue is tracked by Cisco Bug ID CSCsz48680.

Cisco IOS SIP Message (CVE-2010-0580) Denial of Service Vulnerability

To exploit this issue, attackers can use readily available network utilities.

Cisco IOS SIP Message (CVE-2010-0580) Denial of Service Vulnerability

References:

• Cisco IOS Homepage (Cisco Systems)
  
• Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial o (Cisco)