The issue that Hendrik Scholz presented during his talk at the Black
Hat USA 2006 Briefings relates to the way the PIX firewall handles the
inspection of SIP messages. According to Mr. Scholz, upon receipt of a
specially crafted SIP message, the PIX could open a User Datagram Protocol
(UDP) connection to any device in the internal network. This connection would
then allow an attacker to send UDP traffic to the internal device.
While Cisco was unaware of this potential vulnerability prior to the
presentation, we have been working with Mr. Scholz to recreate the findings
presented. To date, Cisco has not been able to create a vulnerable situation
based on the description of the vulnerability as presented and on the
information which he has further provided to Cisco. Consequently, no defect has
been filed, although we will continue to work with Mr. Scholz as we attempt to
recreate the situation and validate his claims.