CVE-2013-7312

Sažetak

The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

Reference

http://www.kb.cert.org/vuls/id/229804
http://www.kb.cert.org/vuls/id/BLUU-985QS8
https://community.enterasys.com/enterasys/topics/ensrt_product_advisory_vu_229804_ospf_lsa_lookup_identifers-il4n3
https://cp-enterasys.kb.net/article.aspx?article=15134&p=1

CVSS

Base:	5.4
Impact:	6.4
Exploitability:	5.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:A/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

23-01-2014 - 19:49

Objavljeno

23-01-2014 - 17:55