Title: Cisco IOS and Unified Communications Manager Multiple Voice Vulnerabilities
Severity: HIGH
Description:
Cisco IOS and Unified Communications Manager are prone to multiple denial-of-service and code-execution vulnerabilities.
The vulnerability documented by Cisco Bug ID CSCsi80102 is the only issue affecting Cisco Unified Communications Manager (CUCM). All issues affect Cisco IOS as listed in the vulnerable packages section.
Multiple vulnerabilities occur when handling malformed SIP packets and are documented in the following Cisco Bug IDs:
The following issues can be exploited to cause denial-of-service conditions and may be exploited to execute arbitrary code:
CSCsi80749 - A crash occurs while processing a malformed SIP packet
CSCsi80102 CUCM - A crash occurs while processing a malformed SIP packet
The following issues can be exploited to cause denial-of-service conditions:
CSCsf11855 - A crash occurs while processing a malformed SIP packet
CSCeb21064 - A crash occurs while processing a malformed SIP packet
CSCse40276 - The router can be crashed by a malformed SIP message
CSCse68355 - The router can be crashed by a malformed SIP packet
CSCsf30058 - A memory leak occurs when processing a malformed SIP message
CSCsb24007 - Memory corruption and unexpected reload on receiving a SIP packet
CSCsc60249 - A crash occurs while processing a malformed SIP packet
Multiple MGCP-related vulnerabilities are documented in the following Cisco Bug IDs:
CSCsf08998 - MGCP will stop responding after receiving a malformed packet
CSCsd81407 - The router will crash on receiving abnormal MGCP messages
Multiple H.323-signaling related vulnerabilities are documented in the following Cisco Bug IDs:
CSCsi60004 - H323 Proxy Unregistration from Gatekeeper
CSCsg70474 - IOS FW with h323 inspect crashes when malformed H.323 packets are received
Multiple Real-time Transport Protocol-related (RTP) vulnerabilities are documented in the following Cisco Bug IDs:
CSCse68138 - An issue in handling specific packets in VOIP RTP Lib
CSCse05642 - I/O memory corruption can cause a crash on a router
A Facsimile reception vulnerability is documented in the following Cisco Bug ID:
CSCej20505 - The router hangs when handling an overly large packet
A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions.
Affected Products:
- Cisco IOS 12.0
- Cisco IOS 12.0T
- Cisco IOS 12.0WC
- Cisco IOS 12.0XA
- Cisco IOS 12.0XC
- Cisco IOS 12.0XD
- Cisco IOS 12.0XE
- Cisco IOS 12.0XF
- Cisco IOS 12.0XG
- Cisco IOS 12.0XH
- Cisco IOS 12.0XI
- Cisco IOS 12.0XK
- Cisco IOS 12.0XL
- Cisco IOS 12.0XM
- Cisco IOS 12.0XN
- Cisco IOS 12.0XQ
- Cisco IOS 12.0XR
- Cisco IOS 12.0XV
- Cisco IOS 12.1
- Cisco IOS 12.1AA
- Cisco IOS 12.1E
- Cisco IOS 12.1EA
- Cisco IOS 12.1EC
- Cisco IOS 12.1EX
- Cisco IOS 12.1EY
- Cisco IOS 12.1EZ
- Cisco IOS 12.1GA
- Cisco IOS 12.1GB
- Cisco IOS 12.1T
- Cisco IOS 12.1XA
- Cisco IOS 12.1XB
- Cisco IOS 12.1XC
- Cisco IOS 12.1XD
- Cisco IOS 12.1XE
- Cisco IOS 12.1XF
- Cisco IOS 12.1XG
- Cisco IOS 12.1XH
- Cisco IOS 12.1XI
- Cisco IOS 12.1XJ
- Cisco IOS 12.1XK
- Cisco IOS 12.1XL
- Cisco IOS 12.1XM
- Cisco IOS 12.1XP
- Cisco IOS 12.1XQ
- Cisco IOS 12.1XR
- Cisco IOS 12.1XS
- Cisco IOS 12.1XT
- Cisco IOS 12.1XU
- Cisco IOS 12.1XV
- Cisco IOS 12.1XW
- Cisco IOS 12.1XY
- Cisco IOS 12.1XZ
- Cisco IOS 12.1YA
- Cisco IOS 12.1YB
- Cisco IOS 12.1YC
- Cisco IOS 12.1YD
- Cisco IOS 12.1YE
- Cisco IOS 12.1YF
- Cisco IOS 12.1YH
- Cisco IOS 12.1YI
- Cisco IOS 12.2
- Cisco IOS 12.2 ZW
- Cisco IOS 12.2 ZX
- Cisco IOS 12.2B
- Cisco IOS 12.2BW
- Cisco IOS 12.2BY
- Cisco IOS 12.2CZ
- Cisco IOS 12.2DD
- Cisco IOS 12.2DX
- Cisco IOS 12.2IXA
- Cisco IOS 12.2IXB
- Cisco IOS 12.2IXC
- Cisco IOS 12.2MC
- Cisco IOS 12.2S
- Cisco IOS 12.2SB
- Cisco IOS 12.2SBC
- Cisco IOS 12.2SRA
- Cisco IOS 12.2SRB
- Cisco IOS 12.2SU
- Cisco IOS 12.2SV
- Cisco IOS 12.2SW
- Cisco IOS 12.2SXA
- Cisco IOS 12.2SXB
- Cisco IOS 12.2SXD
- Cisco IOS 12.2SXE
- Cisco IOS 12.2SXF
- Cisco IOS 12.2SZ
- Cisco IOS 12.2T
- Cisco IOS 12.2TPC
- Cisco IOS 12.2VZ
- Cisco IOS 12.2XA
- Cisco IOS 12.2XB
- Cisco IOS 12.2XC
- Cisco IOS 12.2XD
- Cisco IOS 12.2XE
- Cisco IOS 12.2XG
- Cisco IOS 12.2XH
- Cisco IOS 12.2XI
- Cisco IOS 12.2XJ
- Cisco IOS 12.2XK
- Cisco IOS 12.2XL
- Cisco IOS 12.2XM
- Cisco IOS 12.2XN
- Cisco IOS 12.2XQ
- Cisco IOS 12.2XS
- Cisco IOS 12.2XT
- Cisco IOS 12.2XU
- Cisco IOS 12.2XV
- Cisco IOS 12.2XW
- Cisco IOS 12.2YA
- Cisco IOS 12.2YB
- Cisco IOS 12.2YC
- Cisco IOS 12.2YD
- Cisco IOS 12.2YE
- Cisco IOS 12.2YF
- Cisco IOS 12.2YG
- Cisco IOS 12.2YH
- Cisco IOS 12.2YJ
- Cisco IOS 12.2YK
- Cisco IOS 12.2YL
- Cisco IOS 12.2YM
- Cisco IOS 12.2YN
- Cisco IOS 12.2YP
- Cisco IOS 12.2YQ
- Cisco IOS 12.2YR
- Cisco IOS 12.2YS
- Cisco IOS 12.2YT
- Cisco IOS 12.2YU
- Cisco IOS 12.2YV
- Cisco IOS 12.2YW
- Cisco IOS 12.2YX
- Cisco IOS 12.2YY
- Cisco IOS 12.2YZ
- Cisco IOS 12.2ZB
- Cisco IOS 12.2ZC
- Cisco IOS 12.2ZD
- Cisco IOS 12.2ZE
- Cisco IOS 12.2ZF
- Cisco IOS 12.2ZG
- Cisco IOS 12.2ZH
- Cisco IOS 12.2ZJ
- Cisco IOS 12.2ZL
- Cisco IOS 12.2ZP
- Cisco IOS 12.2ZR
- Cisco IOS 12.2ZU
- Cisco IOS 12.2ZY
- Cisco IOS 12.3
- Cisco IOS 12.3B
- Cisco IOS 12.3T
- Cisco IOS 12.3TPC
- Cisco IOS 12.3XA
- Cisco IOS 12.3XB
- Cisco IOS 12.3XC
- Cisco IOS 12.3XD
- Cisco IOS 12.3XE
- Cisco IOS 12.3XF
- Cisco IOS 12.3XG
- Cisco IOS 12.3XH
- Cisco IOS 12.3XI
- Cisco IOS 12.3XJ
- Cisco IOS 12.3XK
- Cisco IOS 12.3XQ
- Cisco IOS 12.3XR
- Cisco IOS 12.3XS
- Cisco IOS 12.3XU
- Cisco IOS 12.3XW
- Cisco IOS 12.3XY
- Cisco IOS 12.3YA
- Cisco IOS 12.3YD
- Cisco IOS 12.3YF
- Cisco IOS 12.3YG
- Cisco IOS 12.3YH
- Cisco IOS 12.3YI
- Cisco IOS 12.3YK
- Cisco IOS 12.3YM
- Cisco IOS 12.3YQ
- Cisco IOS 12.3YS
- Cisco IOS 12.3YT
- Cisco IOS 12.3YU
- Cisco IOS 12.3YX
- Cisco IOS 12.3YZ
- Cisco IOS 12.4
- Cisco IOS 12.4MR
- Cisco IOS 12.4T
- Cisco IOS 12.4XA
- Cisco IOS 12.4XB
- Cisco IOS 12.4XC
- Cisco IOS 12.4XD
- Cisco IOS 12.4XE
- Cisco IOS 12.4XJ
- Cisco IOS 12.4XT
- Cisco IOS 12.4XV
- Cisco IOS 12.4XW
- Cisco Unified Communications Manager 5.1 (2a)
- Cisco Unified Communications Manager 5.1(1)
- Cisco Unified Communications Manager 5.1(2)
- Cisco Unified Communications Manager 6.0
- Cisco Unified Communications Manager 6.0(1)
References:
- Cisco: Cisco Security Advisory: Voice Vulnerabilities in Cisco IOS and Cisco Unified Co
- Cisco Systems: Cisco IOS Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
