VID 29102
Severity 30
Port 161
Protocol UDP
Class CISCO
Detailed Description The Cisco IOS version on the remote system has a denial-of-service vulnerability in the Cisco IOS embedded call processing solutions (Cisco bug ID CSCee08584). Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST), may contain a vulnerability in processing certain malformed control protocol messages. Successful exploitation of this vulnerability may cause the device to reload, and it could be exploited repeatedly to produce a Denial of Service (DoS).

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so the result may be a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add a valid community string to the check item "snmp/guessable/r" in the Policy Editor.

* References:
http://www.cisco.com/en/US/products/products_security_advisory09186a00803b3fff.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml

* Platforms Affected:
Cisco IOS versions 12.1YD, 12.2T, 12.3 and 12.3T
Recommendation Upgrade to the fixed Cisco IOS version, as listed in "Software Versions and Fixes" of Cisco Security Advisory (Vulnerability in Cisco IOS Embedded Call Processing Solutions) at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml .

Upgrades should be obtained through the Software Center on Cisco's worldwide web site at http://www.cisco.com .

For details, see http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml .
Related URL (CVE)
Related URL 12307 (SecurityFocus)
Related URL (ISS)