A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.
CVSS
No CVSS.
References
Configurations
History
06 Aug 2025, 20:02
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:cisco:broadworks_network_server:*:*:*:*:release_independent:*:*:* | |
| First Time |
Cisco
Cisco broadworks Network Server |
|
| References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA - Not Applicable | |
| References | () https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html - Not Applicable | |
| References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt - Vendor Advisory |
18 Feb 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
| CWE |
22 Jan 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-01-22 17:15
Updated : 2025-08-06 20:02
NVD link : CVE-2025-20165
Mitre link : CVE-2025-20165
JSON object : View
Products Affected
cisco
- broadworks_network_server
CWE
CWE-789
Memory Allocation with Excessive Size Value