fkie_nvd - fkie_cve-2025-20165

fkie_cve-2025-20165

Vulnerability from fkie_nvd

Published

2025-01-22 17:15

Modified

2025-02-18 20:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.

References

▼	URL	Tags
	psirt@cisco.com	https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el subsistema de procesamiento SIP de Cisco BroadWorks podr\u00eda permitir que un atacante remoto no autenticado detenga el procesamiento de solicitudes SIP entrantes, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a una gesti\u00f3n inadecuada de la memoria para ciertas solicitudes SIP. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una gran cantidad de solicitudes SIP a un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante agote la memoria asignada a los servidores de red Cisco BroadWorks que manejan el tr\u00e1fico SIP. Si no hay memoria disponible, los servidores de red ya no pueden procesar solicitudes entrantes, lo que da como resultado una condici\u00f3n de DoS que requiere intervenci\u00f3n manual para recuperarse."
    }
  ],
  "id": "CVE-2025-20165",
  "lastModified": "2025-02-18T20:15:25.050",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-22T17:15:13.010",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-789"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

cve-2025-20165

Vulnerability from cvelistv5

Published

2025-01-22 16:21