CVE-2003-1109
First published: Wed Dec 31 2003(Updated: )
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =12.2\(1\)xa | |
| Cisco IOS | =12.2\(1\)xd | |
| Cisco IOS | =12.2\(1\)xd1 | |
| Cisco IOS | =12.2\(1\)xd3 | |
| Cisco IOS | =12.2\(1\)xd4 | |
| Cisco IOS | =12.2\(1\)xe | |
| Cisco IOS | =12.2\(1\)xe2 | |
| Cisco IOS | =12.2\(1\)xe3 | |
| Cisco IOS | =12.2\(1\)xh | |
| Cisco IOS | =12.2\(1\)xq | |
| Cisco IOS | =12.2\(1\)xs | |
| Cisco IOS | =12.2\(1\)xs1 | |
| Cisco IOS | =12.2\(2\)t4 | |
| Cisco IOS | =12.2\(2\)xa | |
| Cisco IOS | =12.2\(2\)xa1 | |
| Cisco IOS | =12.2\(2\)xa5 | |
| Cisco IOS | =12.2\(2\)xb | |
| Cisco IOS | =12.2\(2\)xb3 | |
| Cisco IOS | =12.2\(2\)xb4 | |
| Cisco IOS | =12.2\(2\)xf | |
| Cisco IOS | =12.2\(2\)xg | |
| Cisco IOS | =12.2\(2\)xh | |
| Cisco IOS | =12.2\(2\)xh2 | |
| Cisco IOS | =12.2\(2\)xh3 | |
| Cisco IOS | =12.2\(2\)xi | |
| Cisco IOS | =12.2\(2\)xi1 | |
| Cisco IOS | =12.2\(2\)xi2 | |
| Cisco IOS | =12.2\(2\)xj | |
| Cisco IOS | =12.2\(2\)xj1 | |
| Cisco IOS | =12.2\(2\)xk | |
| Cisco IOS | =12.2\(2\)xk2 | |
| Cisco IOS | =12.2\(2\)xn | |
| Cisco IOS | =12.2\(2\)xt | |
| Cisco IOS | =12.2\(2\)xt3 | |
| Cisco IOS | =12.2\(2\)xu | |
| Cisco IOS | =12.2\(2\)xu2 | |
| Cisco IOS | =12.2\(11\)t | |
| Cisco IOS | =12.2t | |
| Cisco IOS | =12.2xa | |
| Cisco IOS | =12.2xb | |
| Cisco IOS | =12.2xc | |
| Cisco IOS | =12.2xd | |
| Cisco IOS | =12.2xe | |
| Cisco IOS | =12.2xf | |
| Cisco IOS | =12.2xg | |
| Cisco IOS | =12.2xh | |
| Cisco IOS | =12.2xi | |
| Cisco IOS | =12.2xj | |
| Cisco IOS | =12.2xk | |
| Cisco IOS | =12.2xl | |
| Cisco IOS | =12.2xm | |
| Cisco IOS | =12.2xn | |
| Cisco IOS | =12.2xq | |
| Cisco IOS | =12.2xr | |
| Cisco IOS | =12.2xs | |
| Cisco IOS | =12.2xt | |
| Cisco IOS | =12.2xw | |
| Cisco VoIP Phone CP-7940 | ||
| Cisco VoIP Phone CP-7960 | ||
| Cisco PIX Firewall | =5.2\(1\) | |
| Cisco PIX Firewall | =5.2\(2\) | |
| Cisco PIX Firewall | =5.2\(3.210\) | |
| Cisco PIX Firewall | =5.2\(5\) | |
| Cisco PIX Firewall | =5.2\(6\) | |
| Cisco PIX Firewall | =5.2\(7\) | |
| Cisco PIX Firewall | =5.3 | |
| Cisco PIX Firewall | =5.3\(1\) | |
| Cisco PIX Firewall | =5.3\(1.200\) | |
| Cisco PIX Firewall | =5.3\(2\) | |
| Cisco PIX Firewall | =5.3\(3\) | |
| Cisco PIX Firewall | =6.0 | |
| Cisco PIX Firewall | =6.0\(1\) | |
| Cisco PIX Firewall | =6.0\(2\) | |
| Cisco PIX Firewall | =6.1\(2\) | |
| Cisco PIX Firewall | =6.2\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
- http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml
- http://www.cert.org/advisories/CA-2003-06.html
- http://www.kb.cert.org/vuls/id/528719
- http://www.securityfocus.com/bid/6904
- http://www.securitytracker.com/id?1006143
- http://www.securitytracker.com/id?1006144
- http://www.securitytracker.com/id?1006145
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11379
Frequently Asked Questions
What is the severity of CVE-2003-1109?
The severity of CVE-2003-1109 is critical due to its potential to cause a denial of service and execute arbitrary code.
How do I fix CVE-2003-1109?
To fix CVE-2003-1109, update the affected Cisco products to the latest available software versions provided by Cisco.
Which Cisco products are affected by CVE-2003-1109?
CVE-2003-1109 affects multiple Cisco products including IP Phone models 7940 and 7960, various versions of Cisco IOS, and Secure PIX Firewall versions.
What type of attack can exploit CVE-2003-1109?
CVE-2003-1109 can be exploited by sending crafted INVITE messages which may lead to a denial of service or arbitrary code execution.
Is there a patch available for CVE-2003-1109?
Yes, Cisco has released patches for CVE-2003-1109; affected users should apply these updates immediately.
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/12.2\(1\)xa
- version/cisco ios/12.2\(1\)xd
- version/cisco ios/12.2\(1\)xd1
- version/cisco ios/12.2\(1\)xd3
- version/cisco ios/12.2\(1\)xd4
- version/cisco ios/12.2\(1\)xe
- version/cisco ios/12.2\(1\)xe2
- version/cisco ios/12.2\(1\)xe3
- version/cisco ios/12.2\(1\)xh
- version/cisco ios/12.2\(1\)xq
- version/cisco ios/12.2\(1\)xs
- version/cisco ios/12.2\(1\)xs1
- version/cisco ios/12.2\(2\)t4
- version/cisco ios/12.2\(2\)xa
- version/cisco ios/12.2\(2\)xa1
- version/cisco ios/12.2\(2\)xa5
- version/cisco ios/12.2\(2\)xb
- version/cisco ios/12.2\(2\)xb3
- version/cisco ios/12.2\(2\)xb4
- version/cisco ios/12.2\(2\)xf
- version/cisco ios/12.2\(2\)xg
- version/cisco ios/12.2\(2\)xh
- version/cisco ios/12.2\(2\)xh2
- version/cisco ios/12.2\(2\)xh3
- version/cisco ios/12.2\(2\)xi
- version/cisco ios/12.2\(2\)xi1
- version/cisco ios/12.2\(2\)xi2
- version/cisco ios/12.2\(2\)xj
- version/cisco ios/12.2\(2\)xj1
- version/cisco ios/12.2\(2\)xk
- version/cisco ios/12.2\(2\)xk2
- version/cisco ios/12.2\(2\)xn
- version/cisco ios/12.2\(2\)xt
- version/cisco ios/12.2\(2\)xt3
- version/cisco ios/12.2\(2\)xu
- version/cisco ios/12.2\(2\)xu2
- version/cisco ios/12.2\(11\)t
- version/cisco ios/12.2t
- version/cisco ios/12.2xa
- version/cisco ios/12.2xb
- version/cisco ios/12.2xc
- version/cisco ios/12.2xd
- version/cisco ios/12.2xe
- version/cisco ios/12.2xf
- version/cisco ios/12.2xg
- version/cisco ios/12.2xh
- version/cisco ios/12.2xi
- version/cisco ios/12.2xj
- version/cisco ios/12.2xk
- version/cisco ios/12.2xl
- version/cisco ios/12.2xm
- version/cisco ios/12.2xn
- version/cisco ios/12.2xq
- version/cisco ios/12.2xr
- version/cisco ios/12.2xs
- version/cisco ios/12.2xt
- version/cisco ios/12.2xw
- canonical/cisco voip phone cp-7940
- canonical/cisco voip phone cp-7960
- canonical/cisco pix firewall
- version/cisco pix firewall/5.2\(1\)
- version/cisco pix firewall/5.2\(2\)
- version/cisco pix firewall/5.2\(3.210\)
- version/cisco pix firewall/5.2\(5\)
- version/cisco pix firewall/5.2\(6\)
- version/cisco pix firewall/5.2\(7\)
- version/cisco pix firewall/5.3
- version/cisco pix firewall/5.3\(1\)
- version/cisco pix firewall/5.3\(1.200\)
- version/cisco pix firewall/5.3\(2\)
- version/cisco pix firewall/5.3\(3\)
- version/cisco pix firewall/6.0
- version/cisco pix firewall/6.0\(1\)
- version/cisco pix firewall/6.0\(2\)
- version/cisco pix firewall/6.1\(2\)
- version/cisco pix firewall/6.2\(1\)