Denial of Service vulnerability in Cisco BroadWorks SIP processing
CVE-2025-20165
7.5HIGH
Summary
A vulnerability exists in the SIP processing subsystem of Cisco BroadWorks that allows unauthenticated, remote attackers to disrupt service by overwhelming the system with SIP requests. This issue stems from improper memory management for specific SIP requests. When an attacker floods the affected system with a high volume of SIP requests, they can deplete the memory available to the Cisco BroadWorks Network Servers, causing them to be unable to process any additional requests. This results in a denial of service condition, necessitating manual intervention to restore functionality.
Affected Version(s)
Cisco BroadWorks 22.0
Cisco BroadWorks 23.0
Cisco BroadWorks RI.2021.02
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved