Cisco devices are affected when they are running affected Cisco IOS Software releases that are configured to process SIP messages. The following Cisco IOS Software releases are affected by this vulnerability:
- 15.1(4)GC and 15.1(4)GC1
- 15.1(4)M4, 15.1(4)M5 and 15.1(4)M6
Recent releases of Cisco IOS Software do not process SIP messages by default. Creating a dial peer by issuing the dial-peer voice
configuration command will start the SIP processes, causing the Cisco IOS device to process SIP messages. In addition, several features within Cisco Unified Communications Manager Express, such as ePhones, will also automatically start the SIP process when they are configured, causing the device to start processing SIP messages. An example of an affected configuration follows:
dial-peer voice <Voice dial-peer tag> voip
In addition to inspecting the Cisco IOS device configuration for a dial-peer
command that causes the device to process SIP messages, administrators can also use the show processes | include SIP
command to determine whether Cisco IOS Software is running the processes that handle SIP messages. In the following example, the presence of the processes CCSIP_UDP_SOCKET or CCSIP_TCP_SOCKET indicates that the Cisco IOS device will process SIP messages:
Router# show processes | include SIP
149 Mwe 40F48254 4 1 400023108/24000 0 CCSIP_UDP_SOCKET
150 Mwe 40F48034 4 1 400023388/24000 0 CCSIP_TCP_SOCKET
Because there are several ways that a device running Cisco IOS Software can start processing SIP messages, it is recommended that the show processes | include SIP
command be used to determine whether the device is processing SIP messages instead of relying on the presence of specific configuration commands.
To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version
command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version
command or may provide different output.
The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team
!–- output truncated
Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide available at: http://www.cisco.com/web/about/security/intelligence/ios-ref.html
Cisco IOS XE Software and Cisco Unified Communications Manager are not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability.