Cisco Bug: CSCuj72215 - RTCP packets fill up input queue causing performance issues
Apr 24, 2020
- Cisco IOS
Known Affected Releases
Symptom: A vulnerability in the handling of RTCP traffic by Cisco CUBE could allow an unauthenticated, remote attacker to cause traffic destined to an affected device, as well as traffic that needs to be process-switched, to fail. The vulnerability is due to exhaustion of the interface input queue by RTCP traffic. An attacker could exploit this vulnerability by sending RTCP packets in a specific sequence. An exploit could allow the attacker to cause traffic destined to an affected device, as well as traffic that needs to be process-switched, to fail.
Conditions: RTCP packets have been found to be associated with SIP, but any voice protocol may be involved. The default input queue size is 75 on ISR routers. When the input queue fills up, the size (76) will exceed the max. This may look like an input queue wedge on the surface, but for this bug the packets should be drained once the call is torn down and the socket is removed. The RTCP packets should only be punted to the CPU for processing (and thus hit the input queue) when the RTP session isn't yet established and we don't have a socket. Once this establishment is done, RTCP traffic should be processed in the fast path.
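A check for the condition described above, as an added example that is not part of Cisco's bug entry: it parses the `Input queue: size/max/drops/flushes` line of `show interfaces` output, reports interfaces whose size exceeds max, and compares a later sample to see whether the queue drained after call teardown. Both sample outputs are constructed, and the function names are hypothetical.

```python
import re

# Constructed `show interfaces` excerpts (not captured from a real device).
SAMPLE_DURING_CALL = """\
GigabitEthernet0/0 is up, line protocol is up
  Input queue: 76/75/1204/0 (size/max/drops/flushes); Total output drops: 0
GigabitEthernet0/1 is up, line protocol is up
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""
SAMPLE_AFTER_TEARDOWN = """\
GigabitEthernet0/0 is up, line protocol is up
  Input queue: 0/75/1204/0 (size/max/drops/flushes); Total output drops: 0
GigabitEthernet0/1 is up, line protocol is up
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""

IFACE = re.compile(r"^(\S+) is .*line protocol is ")
QUEUE = re.compile(r"^\s+Input queue: (\d+)/(\d+)/(\d+)/(\d+) \(size/max/drops/flushes\)")

def parse_input_queues(text):
    """Map interface name -> input queue counters."""
    queues, current = {}, None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            current = m.group(1)  # header line starts a new interface block
            continue
        m = QUEUE.match(line)
        if m and current:
            size, qmax, drops, flushes = map(int, m.groups())
            queues[current] = {"size": size, "max": qmax,
                               "drops": drops, "flushes": flushes}
    return queues

def over_max(text):
    """Interfaces whose input queue size exceeds the configured max (e.g. 76/75)."""
    return sorted(n for n, q in parse_input_queues(text).items()
                  if q["size"] > q["max"])

def drained_after_teardown(before, after):
    """Interfaces over max in `before` whose queue is below max in `after`."""
    later = parse_input_queues(after)
    return [n for n in over_max(before)
            if n in later and later[n]["size"] < later[n]["max"]]

if __name__ == "__main__":
    print("over max:", over_max(SAMPLE_DURING_CALL))
    print("drained :", drained_after_teardown(SAMPLE_DURING_CALL, SAMPLE_AFTER_TEARDOWN))
```

An interface that is over max in the first sample and still over max after the call has been torn down does not match the draining behaviour this bug describes.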