CVE-2010-0581 — Code Injection in Cisco IOS

CWE-399 CWE-94 — Code Injection8 documents6 sources

Severity

10.0CRITICALNVD

EPSS

4.1%

top 11.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedMar 25

Latest updateMay 2

Description

Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/ios44 versions+43

Patches

Patch: tools.cisco.com ↗Patch: www.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-6jpg-grj3-vm57: Unspecified vulnerability in the SIP implementation in Cisco IOS 12↗2022-05-02

▶

CVEList

CVE-2010-0581: Unspecified vulnerability in the SIP implementation in Cisco IOS 12↗2010-03-25

▶

💥Exploits & PoCs

Exploit-DB

CA BrightStor ARCserve License Service - 'GCR NETWORK' Remote Buffer Overflow (Metasploit)↗2010-11-03

▶

Exploit-DB

Computer Associates License Client - GETCONFIG Overflow (Metasploit)↗2010-09-20

▶

Exploit-DB

Computer Associates License Server - GETCONFIG Overflow (Metasploit)↗2010-09-20

▶

📋Vendor Advisories

Cisco

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities↗2010-03-24

▶

📄Research Papers

arXiv

Formal Black-Box Analysis of Routing Protocol Implementations↗2017-09-23

▶