Cisco Bug: CSCup76212 - ASA rewrites incorrect content-length in SIP message
Sep 03, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
8.4(7.20) 9.0(4.13) 9.1(5.7)
Symptom: A SIP receiver endpoint intermittently fails to parse a SIP message (e.g. INVITE) because of extra characters in the beginning of message, causing call failures OR A SIP receiver endpoint receives Malformed SIP message. Conditions: - SIP inspection is enabled on ASA. - A SIP message sent by the sender contains a SIP payload. For example, XML dialog-info in NOTIFY packet. This message doesn't have to be the same message that was rejected by receiver. Any message sent previously in same connection can trigger the problem. - That SIP payload (the XML portion, and not the message itself), contains a SIP URI. For example, sip:12345@X.X.X.X:5060. - The ASA is to rewrite the SIP URI using a PAT (Port Address Translation) rule. - The port that ASA chooses for Port Address Translation (PAT) of URI, is different from the original port in the URI. Note: Sometimes, the URI doesn't contain any port. It is assumed to be 5060 in those cases.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases