CVE-2010-0579Code Injection in Cisco IOS

CWE-399CWE-94Code Injection5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.7%
top 27.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedMar 25
Latest updateMay 2

Description

The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios43 versions+42

Patches

Patch: tools.cisco.comPatch: www.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-j4cp-47vm-442g: The SIP implementation in Cisco IOS 122022-05-02
CVEList
CVE-2010-0579: The SIP implementation in Cisco IOS 122010-03-25

📋Vendor Advisories

1
Cisco
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities2010-03-24

💬Community

1
Bugzilla
CVE-2009-0579 pam: MINDAYS not respected by pam for password changing [F10]2009-02-24
CVE-2010-0579 — Code Injection in Cisco IOS | cvebase