Details of VAR-201401-0485

ID

VAR-201401-0485

CVE

CVE-2013-7307

TITLE

Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers

Trust: 0.8

sources: CERT/CC: VU#229804

DESCRIPTION

The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. The Open Shortest Path First (OSPF) protocol does not specify unique Link State Advertisement (LSA) lookup identifiers, which allow an attacker to intercept traffic or conduct a Denial of Service (DoS) attack. This vulnerability CVE-2013-0149 And related issues. Supplementary information : CWE Vulnerability type by CWE-694: Use of Multiple Resources with Duplicate Identifier ( Using multiple resources with duplicate identifiers ) Has been identified. Brocade Vyatta vRouter is a router device. Text information. Multiple Brocade routers are prone to a remote security-bypass vulnerability due to an error in the OSPF protocol specification. Exploiting this issue could allow an attacker to bypass certain security restrictions and take full control of the OSPF AS domain routing table, blackholed traffic, and intercepted traffic. This may aid in further attacks. There is a security vulnerability in the OSPF implementation process of Brocade Vyatta vRouter using the software version before 6.6R1

Trust: 3.33

sources: NVD: CVE-2013-7307 // CERT/CC: VU#229804 // JVNDB: JVNDB-2013-005903 // CNVD: CNVD-2014-00599 // BID: 65157 // VULHUB: VHN-67309 // VULMON: CVE-2013-7307

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00599

AFFECTED PRODUCTS

vendor:	brocade	model:	vyatta vrouter	scope:	-	version:	-	Trust: 1.4
vendor:	brocade	model:	vyatta vrouter software	scope:	lte	version:	6.6	Trust: 1.0
vendor:	brocade	model:	vyatta vrouter	scope:	eq	version:	-	Trust: 1.0
vendor:	brocade	model:	vyatta vrouter software	scope:	eq	version:	6.6	Trust: 0.9
vendor:	brocade	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	check point	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	enterasys	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	extreme	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	vyatta	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	yamaha	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	brocade	model:	vyatta vrouter software	scope:	lt	version:	6.6r1	Trust: 0.8
vendor:	brocade	model:	vyatta vrouter software	scope:	lt	version:	6.6	Trust: 0.6
vendor:	brocade	model:	vyatta vrouter	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#229804 // CNVD: CNVD-2014-00599 // BID: 65157 // JVNDB: JVNDB-2013-005903 // CNNVD: CNNVD-201401-496 // NVD: CVE-2013-7307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-7307
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-0149
value:	MEDIUM
Trust: 0.8
NVD:	CVE-2013-7307
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-00599
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201401-496
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-67309
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2013-7307
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-7307
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
NVD:	CVE-2013-0149
severity:	MEDIUM
baseScore:	5.4
vectorString:	NONE
accessVector:	ADJACENT NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2014-00599
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-67309
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#229804 // CNVD: CNVD-2014-00599 // VULHUB: VHN-67309 // VULMON: CVE-2013-7307 // JVNDB: JVNDB-2013-005903 // CNNVD: CNNVD-201401-496 // NVD: CVE-2013-7307

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2013-005903 // NVD: CVE-2013-7307

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201401-496

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201401-496

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005903

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#229804

PATCH

title:	Top Page	url:	http://www.brocade.com	Trust: 0.8
title:	Brocade Vyatta vRouter OSPF routing protocol implementation design vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/43173	Trust: 0.6

sources: CNVD: CNVD-2014-00599 // JVNDB: JVNDB-2013-005903

EXTERNAL IDS

db:	CERT/CC	id:	VU#229804	Trust: 3.7
db:	NVD	id:	CVE-2013-7307	Trust: 3.5
db:	JVN	id:	JVNVU96465452	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-005903	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-496	Trust: 0.7
db:	CNVD	id:	CNVD-2014-00599	Trust: 0.6
db:	CERT/CC	id:	HTTP://WWW.KB.CERT.ORG/VULS/ID/BLUU-97KQ2C	Trust: 0.6
db:	BID	id:	65157	Trust: 0.4
db:	VULHUB	id:	VHN-67309	Trust: 0.1
db:	VULMON	id:	CVE-2013-7307	Trust: 0.1

sources: CERT/CC: VU#229804 // CNVD: CNVD-2014-00599 // VULHUB: VHN-67309 // VULMON: CVE-2013-7307 // BID: 65157 // JVNDB: JVNDB-2013-005903 // CNNVD: CNNVD-201401-496 // NVD: CVE-2013-7307

REFERENCES

url:	http://www.kb.cert.org/vuls/id/229804	Trust: 2.6
url:	http://www.kb.cert.org/vuls/id/bluu-97kq2c	Trust: 2.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7307	Trust: 1.4
url:	http://tools.ietf.org/html/rfc2328	Trust: 0.8
url:	http://en.wikipedia.org/wiki/open_shortest_path_first	Trust: 0.8
url:	https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk94490	Trust: 0.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30210	Trust: 0.8
url:	https://cp-enterasys.kb.net/article.aspx?article=15134&p=1	Trust: 0.8
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1019716	Trust: 0.8
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10582&cat=sirt_1&actp=	Trust: 0.8
url:	http://jpn.nec.com/security-info/secinfo/nv13-006.html	Trust: 0.8
url:	http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html	Trust: 0.8
url:	http://www.rtpro.yamaha.co.jp/rt/faq/security/vu96465452.html	Trust: 0.8
url:	https://kc.mcafee.com/corporate/index?page=content&id=kb79309&actp=list	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7307	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu96465452/	Trust: 0.8
url:	http://www.brocade.com/index.page	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/bluu-98ms25	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

Dr. Gabi Nakibly from Rafael Advanced Defense Systems as joint work he conducted with Eitan Menahem, Yuval Elovici and Ariel Waizel of Telekom Innovation Laboratories at Ben Gurion University

Trust: 0.3

sources: BID: 65157

SOURCES

db:	CERT/CC	id:	VU#229804
db:	CNVD	id:	CNVD-2014-00599
db:	VULHUB	id:	VHN-67309
db:	VULMON	id:	CVE-2013-7307
db:	BID	id:	65157
db:	JVNDB	id:	JVNDB-2013-005903
db:	CNNVD	id:	CNNVD-201401-496
db:	NVD	id:	CVE-2013-7307

LAST UPDATE DATE

2025-04-11T22:53:09.308000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#229804	date:	2013-12-06T00:00:00
db:	CNVD	id:	CNVD-2014-00599	date:	2014-01-26T00:00:00
db:	VULHUB	id:	VHN-67309	date:	2014-01-23T00:00:00
db:	VULMON	id:	CVE-2013-7307	date:	2014-01-23T00:00:00
db:	BID	id:	65157	date:	2014-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2013-005903	date:	2014-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201401-496	date:	2014-01-27T00:00:00
db:	NVD	id:	CVE-2013-7307	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#229804	date:	2013-08-02T00:00:00
db:	CNVD	id:	CNVD-2014-00599	date:	2014-01-27T00:00:00
db:	VULHUB	id:	VHN-67309	date:	2014-01-23T00:00:00
db:	VULMON	id:	CVE-2013-7307	date:	2014-01-23T00:00:00
db:	BID	id:	65157	date:	2014-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2013-005903	date:	2014-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201401-496	date:	2014-01-27T00:00:00
db:	NVD	id:	CVE-2013-7307	date:	2014-01-23T17:55:05.197