Cisco PGW softswitch susceptible to crash, DoS

Advisory spells out vulnerabilities to SIP, MGCP implementations

Cisco's PGW 2200 softswitch line is susceptible to multiple vulnerabilities, including system crash and denial of service. The vulnerabilities were disclosed in a Cisco security advisory this week.

The vulnerabilities, nine in all, are related to processing Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP) messages and each vulnerability is independent of the other, the advisory states. Exploitation of all but one can crash the system, while the other can block creation or acceptance of new TCP connections, creating a DoS situation.

Multiple vulnerabilities exist in the SIP implementation of the softswitches while the MGCP implementation has one, the advisory states.

Cisco says it has released free software updates to address the vulnerabilities. There are no workarounds for them, the advisory states. The glitches were discovered during internal testing, and Cisco says it is not aware of any public announcements or malicious use of them.

More from Cisco Subnet:

• NIST Gives Guidelines for Securing IPv6
• Cisco WiFi open to attack
• Hands On: What can Cisco do for and against network neutrality?
• Prototyping 101
• Venture Capital Investment Up, But Security Investment Is Down
• 2010 CCNP Lab Series – Overview
• ICND1 and ICND2 vs CCNA
• Win a CompTIA A+ Study Guide

Win great stuff from Cisco Subnet
Like e-mail? Subscribe to the Cisco Alert newsletter.

Like RSS readers? Subscribe to the Cisco Subnet RSS feed

Follow all Cisco Subnet bloggers on Twitter.

Follow Jim Duffy on Twitter

• Cisco
• Cisco security advisories
• SIP
• softswitches