CVE-2003-1109


The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

Published: 2003-12-31 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2003-1109 is rated High Exploit Risk (83.7/100): CVSS High severity, with high exploitation likelihood (EPSS 29.57%, 97th percentile). Core evidence: 1 public exploit reference is indexed (Exploit-DB). EPSS rose +4.87% over the last day, indicating growing attacker interest. Mandatory action: public exploits are available, so assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2003-1109

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2003-1109

EPSS is a daily estimate of the relative likelihood of exploitation; the percentile ranks this CVE among all scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-05-20 24.69% 29.57% +4.87%
2 2026-03-02 18.23% 24.69% +6.47%
3 2025-09-07 18.23%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2003-1109

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 2.0 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P 10.0 6.4 [email protected]

Vector breakdown:
Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (Au:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

Weakness enumeration for CVE-2003-1109

Affected software / configurations for CVE-2003-1109

Vendor Product Version Raw CPE
cisco ios 12.2\(1\)xa cpe:2.3:o:cisco:ios:12.2\(1\)xa:*:*:*:*:*:*:*
cisco ios 12.2\(1\)xd cpe:2.3:o:cisco:ios:12.2\(1\)xd:*:*:*:*:*:*:*
cisco ios 12.2\(1\)xd1 cpe:2.3:o:cisco:ios:12.2\(1\)xd1:*:*:*:*:*:*:*
cisco ios 12.2\(1\)xd3 cpe:2.3:o:cisco:ios:12.2\(1\)xd3:*:*:*:*:*:*:*
cisco ios 12.2\(1\)xd4 cpe:2.3:o:cisco:ios:12.2\(1\)xd4:*:*:*:*:*:*:*
cisco ios 12.2\(1\)xe cpe:2.3:o:cisco:ios:12.2\(1\)xe:*:*:*:*:*:*:*
cisco ios 12.2\(1\)xe2 cpe:2.3:o:cisco:ios:12.2\(1\)xe2:*:*:*:*:*:*:*
cisco ios 12.2\(1\)xe3 cpe:2.3:o:cisco:ios:12.2\(1\)xe3:*:*:*:*:*:*:*
cisco ios 12.2\(1\)xh cpe:2.3:o:cisco:ios:12.2\(1\)xh:*:*:*:*:*:*:*
cisco ios 12.2\(1\)xq cpe:2.3:o:cisco:ios:12.2\(1\)xq:*:*:*:*:*:*:*
cisco ios 12.2\(1\)xs cpe:2.3:o:cisco:ios:12.2\(1\)xs:*:*:*:*:*:*:*
cisco ios 12.2\(1\)xs1 cpe:2.3:o:cisco:ios:12.2\(1\)xs1:*:*:*:*:*:*:*
cisco ios 12.2\(2\)t4 cpe:2.3:o:cisco:ios:12.2\(2\)t4:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xa cpe:2.3:o:cisco:ios:12.2\(2\)xa:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xa1 cpe:2.3:o:cisco:ios:12.2\(2\)xa1:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xa5 cpe:2.3:o:cisco:ios:12.2\(2\)xa5:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xb cpe:2.3:o:cisco:ios:12.2\(2\)xb:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xb3 cpe:2.3:o:cisco:ios:12.2\(2\)xb3:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xb4 cpe:2.3:o:cisco:ios:12.2\(2\)xb4:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xf cpe:2.3:o:cisco:ios:12.2\(2\)xf:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xg cpe:2.3:o:cisco:ios:12.2\(2\)xg:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xh cpe:2.3:o:cisco:ios:12.2\(2\)xh:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xh2 cpe:2.3:o:cisco:ios:12.2\(2\)xh2:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xh3 cpe:2.3:o:cisco:ios:12.2\(2\)xh3:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xi cpe:2.3:o:cisco:ios:12.2\(2\)xi:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xi1 cpe:2.3:o:cisco:ios:12.2\(2\)xi1:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xi2 cpe:2.3:o:cisco:ios:12.2\(2\)xi2:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xj cpe:2.3:o:cisco:ios:12.2\(2\)xj:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xj1 cpe:2.3:o:cisco:ios:12.2\(2\)xj1:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xk cpe:2.3:o:cisco:ios:12.2\(2\)xk:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xk2 cpe:2.3:o:cisco:ios:12.2\(2\)xk2:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xn cpe:2.3:o:cisco:ios:12.2\(2\)xn:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xt cpe:2.3:o:cisco:ios:12.2\(2\)xt:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xt3 cpe:2.3:o:cisco:ios:12.2\(2\)xt3:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xu cpe:2.3:o:cisco:ios:12.2\(2\)xu:*:*:*:*:*:*:*
cisco ios 12.2\(2\)xu2 cpe:2.3:o:cisco:ios:12.2\(2\)xu2:*:*:*:*:*:*:*
cisco ios 12.2\(11\)t cpe:2.3:o:cisco:ios:12.2\(11\)t:*:*:*:*:*:*:*
cisco ios 12.2t cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*
cisco ios 12.2xa cpe:2.3:o:cisco:ios:12.2xa:*:*:*:*:*:*:*
cisco ios 12.2xb cpe:2.3:o:cisco:ios:12.2xb:*:*:*:*:*:*:*
cisco ios 12.2xc cpe:2.3:o:cisco:ios:12.2xc:*:*:*:*:*:*:*
cisco ios 12.2xd cpe:2.3:o:cisco:ios:12.2xd:*:*:*:*:*:*:*
cisco ios 12.2xe cpe:2.3:o:cisco:ios:12.2xe:*:*:*:*:*:*:*
cisco ios 12.2xf cpe:2.3:o:cisco:ios:12.2xf:*:*:*:*:*:*:*
cisco ios 12.2xg cpe:2.3:o:cisco:ios:12.2xg:*:*:*:*:*:*:*
cisco ios 12.2xh cpe:2.3:o:cisco:ios:12.2xh:*:*:*:*:*:*:*
cisco ios 12.2xi cpe:2.3:o:cisco:ios:12.2xi:*:*:*:*:*:*:*
cisco ios 12.2xj cpe:2.3:o:cisco:ios:12.2xj:*:*:*:*:*:*:*
cisco ios 12.2xk cpe:2.3:o:cisco:ios:12.2xk:*:*:*:*:*:*:*
cisco ios 12.2xl cpe:2.3:o:cisco:ios:12.2xl:*:*:*:*:*:*:*
cisco ios 12.2xm cpe:2.3:o:cisco:ios:12.2xm:*:*:*:*:*:*:*
cisco ios 12.2xn cpe:2.3:o:cisco:ios:12.2xn:*:*:*:*:*:*:*
cisco ios 12.2xq cpe:2.3:o:cisco:ios:12.2xq:*:*:*:*:*:*:*
cisco ios 12.2xr cpe:2.3:o:cisco:ios:12.2xr:*:*:*:*:*:*:*
cisco ios 12.2xs cpe:2.3:o:cisco:ios:12.2xs:*:*:*:*:*:*:*
cisco ios 12.2xt cpe:2.3:o:cisco:ios:12.2xt:*:*:*:*:*:*:*
cisco ios 12.2xw cpe:2.3:o:cisco:ios:12.2xw:*:*:*:*:*:*:*
cisco ip_phone_7940 cpe:2.3:h:cisco:ip_phone_7940:*:*:*:*:*:*:*:*
cisco ip_phone_7960 cpe:2.3:h:cisco:ip_phone_7960:*:*:*:*:*:*:*:*
cisco pix_firewall_software 5.2\(1\) cpe:2.3:o:cisco:pix_firewall_software:5.2\(1\):*:*:*:*:*:*:*
cisco pix_firewall_software 5.2\(2\) cpe:2.3:o:cisco:pix_firewall_software:5.2\(2\):*:*:*:*:*:*:*
cisco pix_firewall_software 5.2\(3.210\) cpe:2.3:o:cisco:pix_firewall_software:5.2\(3.210\):*:*:*:*:*:*:*
cisco pix_firewall_software 5.2\(5\) cpe:2.3:o:cisco:pix_firewall_software:5.2\(5\):*:*:*:*:*:*:*
cisco pix_firewall_software 5.2\(6\) cpe:2.3:o:cisco:pix_firewall_software:5.2\(6\):*:*:*:*:*:*:*
cisco pix_firewall_software 5.2\(7\) cpe:2.3:o:cisco:pix_firewall_software:5.2\(7\):*:*:*:*:*:*:*
cisco pix_firewall_software 5.3 cpe:2.3:o:cisco:pix_firewall_software:5.3:*:*:*:*:*:*:*
cisco pix_firewall_software 5.3\(1\) cpe:2.3:o:cisco:pix_firewall_software:5.3\(1\):*:*:*:*:*:*:*
cisco pix_firewall_software 5.3\(1.200\) cpe:2.3:o:cisco:pix_firewall_software:5.3\(1.200\):*:*:*:*:*:*:*
cisco pix_firewall_software 5.3\(2\) cpe:2.3:o:cisco:pix_firewall_software:5.3\(2\):*:*:*:*:*:*:*
cisco pix_firewall_software 5.3\(3\) cpe:2.3:o:cisco:pix_firewall_software:5.3\(3\):*:*:*:*:*:*:*
cisco pix_firewall_software 6.0 cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*
cisco pix_firewall_software 6.0\(1\) cpe:2.3:o:cisco:pix_firewall_software:6.0\(1\):*:*:*:*:*:*:*
cisco pix_firewall_software 6.0\(2\) cpe:2.3:o:cisco:pix_firewall_software:6.0\(2\):*:*:*:*:*:*:*
cisco pix_firewall_software 6.1\(2\) cpe:2.3:o:cisco:pix_firewall_software:6.1\(2\):*:*:*:*:*:*:*
cisco pix_firewall_software 6.2\(1\) cpe:2.3:o:cisco:pix_firewall_software:6.2\(1\):*:*:*:*:*:*:*

References for CVE-2003-1109

cvelogic Threat Intelligence