A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.

Published : 2019-09-25 21:15 Updated : 2019-10-09 23:45

CVSS Score More info
Score 7.8 / 10
Vendor Product Version URI
Cisco Ios Xe 15.6%281%29s4.2 cpe:/o:cisco:ios_xe:15.6%281%29s4.2
Cisco Ios Xe 16.3.8 cpe:/o:cisco:ios_xe:16.3.8
Cisco Ios Xe 16.9.1 cpe:/o:cisco:ios_xe:16.9.1
  1. Cisco (1) Search CVE
    1. Ios Xe (3) Search CVE
      1. 15.6%281%29s4.2
      2. 16.3.8
      3. 16.9.1


ID Name Description Links
CWE-476 NULL Pointer Dereference A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. CVE

History of changes

Date Event
2019-10-04 20:25
2019-09-25 21:32