Cisco SIP slip spikes servers

Cisco has patched a bug in some of its video server SIP implementations that left them open to a remote denial-of-service attack.

The Borg says the Cisco Video Communication Server can be crashed by a malformed SIP header message, adding that remote attackers can exploit this by manipulating the SIP URI.

An attacker doesn't need to be authenticated to down the target system.

The bug affects Cisco TelePresence VCS X8.x releases prior to X8.7.2 are vulnerable, and Cisco has announced a patch here. ®