Fundamentals of SIP

The Session Initiation Protocol (SIP) is an IETF-defined signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP). That the definition of SIP according to Wikipedia. This definition is only the beginning, as SIP is a very complex protocol.

You can check IETF RFC, Wikipedia, for details, but most probably you’ll not remember too much about SIP, except if you are dealing with this protocol daily in your work field. As a network engineer you should know at least what is SIP and what it does, so here is a short video that explain SIP fundamentals:

Cisco: Multiple Vulnerabilities in Cisco PGW Softswitch

Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch series of products and they are related to processing Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP) messages.

SIP is a popular signaling protocol used to manage voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol is flexible to accommodate for other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or Transport Layer Security (TLS; TCP port 5061) as the underlying transport protocol.

MGCP is the protocol for controlling telephony gateways from external call control elements known as media gateway controllers or call agents. A telephony gateway is a network element that provides conversion between the audio signals carried on telephone circuits and data packets carried over the Internet or other packet networks.

Multiple DoS vulnerabilities exist in the Cisco PGW 2200 Softswitch SIP implementation, and one vulnerability is in the MGCP implementation.

The following vulnerabilities can cause affected devices to crash:

  • CSCsl39126 (registered customers only), CVE ID CVE-2010-0601
  • CSCsk32606 (registered customers only), CVE ID CVE-2010-0602
  • CSCsk40030 (registered customers only), CVE ID CVE-2010-0603
  • CSCsk38165 (registered customers only), CVE ID CVE-2010-0604
  • CSCsk44115 (registered customers only), CVE ID CVE-2010-1561
  • CSCsj98521 (registered customers only), CVE ID CVE-2010-1562
  • CSCsk04588 (registered customers only), CVE ID CVE-2010-1563
  • CSCsz13590 (registered customers only), CVE ID CVE-2010-1567

The following vulnerability may cause an affected device to be unable to accept or create a new TCP connection. Existing calls will not be terminated, but no new SIP connections will be established. If exploited, this vulnerability will also prevent the device from establishing any new HTTP, SSH or Telnet sessions.

  • CSCsk13561 (registered customers only), CVE ID CVE-2010-1565

There are no workarounds for the vulnerabilities in this advisory.


Cisco: CUCM DoS Vulnerabilities

Cisco Unified Communications Manager (formerly Cisco CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption of voice services. The Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and Computer Telephony Integration (CTI) Manager services are affected by these vulnerabilities.

To address these vulnerabilities, Cisco has released free software updates for select Cisco Unified Communications Manager versions. There is a workaround for of one the vulnerabilities.

The following products are affected by vulnerabilities that are described in this advisory:

* Cisco Unified Communications Manager 4.x
* Cisco Unified Communications Manager 5.x
* Cisco Unified Communications Manager 6.x
* Cisco Unified Communications Manager 7.x

Administrators can mitigate the SCCP- and SIP-related vulnerabilities by implementing filtering on screening devices to permit access to TCP ports 2000 and 2443, and TCP and UDP ports 5060 and 5061 only from networks that require SCCP and SIP access to Cisco Unified Communications Manager appliances.

It is possible to mitigate the CTI Manager vulnerability by disabling the CTI Manager service t is not necessary; however, this workaround will interrupt applications that reply on the CTI Manager service. Administrators can also mitigate the vulnerability by implementing filtering on screening devices to permit access to TCP port 2748 only from networks that require access to the CTI Manager service.

This advisory is posted at