CVE-2010-0580Code Injection in Cisco IOS

CWE-399CWE-94Code Injection6 documents6 sources
Severity
10.0CRITICALNVD
EPSS
3.9%
top 11.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedMar 25
Latest updateMay 2

Description

Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDcisco/ios43 versions+42

Patches

Patch: tools.cisco.comPatch: www.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-crxg-42h5-fw55: Unspecified vulnerability in the SIP implementation in Cisco IOS 122022-05-02
CVEList
CVE-2010-0580: Unspecified vulnerability in the SIP implementation in Cisco IOS 122010-03-25

📋Vendor Advisories

1
Cisco
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities2010-03-24

📄Research Papers

1
arXiv
Formal Black-Box Analysis of Routing Protocol Implementations2017-09-23

💬Community

1
Bugzilla
CVE-2009-2696 tomcat: missing fix for CVE-2009-07812010-07-21
CVE-2010-0580 — Code Injection in Cisco IOS | cvebase