UM Labs

A new security advisory  published on the 31st October describes a vulnerability in Session Initiation Protocol (SIP) processing in Cisco products. This vulnerability could allow:

 an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition

There are currently no workarounds available.

The problem is related to processing incomplete SIP connections and appears to be linked  to the Slow Loris attack. Slow Loris normally attacks web sites a works by sending requests very slowly to consume system resources. Research by UM Labs has shown that similar attacks are possible using SIP. Unicus, from UM Labs is designed to protect against attacks of this kind. No UM Labs releases are vulnerable to this attack.