A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-2157 A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 06 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco broadworks Network Server
CPEs cpe:2.3:a:cisco:broadworks_network_server:*:*:*:*:release_independent:*:*:*
Vendors & Products Cisco
Cisco broadworks Network Server

Tue, 18 Feb 2025 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 22 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Jan 2025 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.
Title Cisco BroadWorks SIP Denial of Service Vulnerability
Weaknesses CWE-789
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2025-02-18T19:39:12.992Z

Reserved: 2024-10-10T19:15:13.218Z

Link: CVE-2025-20165

cve-icon Vulnrichment

Updated: 2025-01-22T16:49:12.408Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-22T17:15:13.010

Modified: 2025-08-06T20:02:42.397

Link: CVE-2025-20165

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.