Sign-up

ID

VAR-201401-0486


CVE

CVE-2013-7308


TITLE

Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers

Trust: 0.8

sources: CERT/CC: VU#229804

DESCRIPTION

The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. The Open Shortest Path First (OSPF) protocol does not specify unique Link State Advertisement (LSA) lookup identifiers, which allow an attacker to intercept traffic or conduct a Denial of Service (DoS) attack. This vulnerability CVE-2013-0149 And related issues. Supplementary information : CWE Vulnerability type by CWE-694: Use of Multiple Resources with Duplicate Identifier ( Using multiple resources with duplicate identifiers ) Has been identified. The D-Link DES-3810-28 is a switch device. Interrupt or obtain sensitive message information. Multiple Dlink Routers are prone to a remote security-bypass vulnerability due to an error in the OSPF protocol specification. Exploiting this issue could allow an attacker to bypass certain security restrictions and take full control of the OSPF AS domain routing table, blackholed traffic, and intercepted traffic. This may aid in further attacks. There is a security vulnerability in the OSPF implementation process of the D-Link DES-3810-28 switch using firmware R2.20.B017. Possibility of duplicates of values

Trust: 3.24

sources: NVD: CVE-2013-7308 // CERT/CC: VU#229804 // JVNDB: JVNDB-2013-005904 // CNVD: CNVD-2014-00598 // BID: 65161 // VULHUB: VHN-67310

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00598

AFFECTED PRODUCTS

vendor:dlinkmodel:des-3810-28scope:eqversion:r2.20.b017

Trust: 1.6

vendor:dlinkmodel:des-3810-28scope:eqversion: -

Trust: 1.0

vendor:brocademodel: - scope: - version: -

Trust: 0.8

vendor:check pointmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:d linkmodel: - scope: - version: -

Trust: 0.8

vendor:enterasysmodel: - scope: - version: -

Trust: 0.8

vendor:extrememodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:necmodel: - scope: - version: -

Trust: 0.8

vendor:oraclemodel: - scope: - version: -

Trust: 0.8

vendor:vyattamodel: - scope: - version: -

Trust: 0.8

vendor:yamahamodel: - scope: - version: -

Trust: 0.8

vendor:d linkmodel:des-3810-28scope: - version: -

Trust: 0.8

vendor:d linkmodel:des-3810-28scope:eqversion:r2.20.b017

Trust: 0.8

vendor:dlinkmodel:des-3810-28 r2.20.b017scope: - version: -

Trust: 0.6

vendor:dlinkmodel:des-3810-28scope: - version: -

Trust: 0.6

sources: CERT/CC: VU#229804 // CNVD: CNVD-2014-00598 // JVNDB: JVNDB-2013-005904 // CNNVD: CNNVD-201401-495 // NVD: CVE-2013-7308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7308
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-0149
value: MEDIUM

Trust: 0.8

NVD: CVE-2013-7308
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00598
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-495
value: MEDIUM

Trust: 0.6

VULHUB: VHN-67310
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-7308
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2013-0149
severity: MEDIUM
baseScore: 5.4
vectorString: NONE
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-00598
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-67310
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#229804 // CNVD: CNVD-2014-00598 // VULHUB: VHN-67310 // JVNDB: JVNDB-2013-005904 // CNNVD: CNNVD-201401-495 // NVD: CVE-2013-7308

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2013-005904 // NVD: CVE-2013-7308

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201401-495

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201401-495

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005904

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#229804

PATCH
title:DES-3810-28url:http://www.dlink.ru/mn/products/1/1359.html
Trust: 0.8
title:D-Link DES-3810-28 Switching Firmware R2.20.B017 OSPF Routing Protocol Implementation Design Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/43169
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00598 // 
            
            
            
            JVNDB: JVNDB-2013-005904

EXTERNAL IDS
db:CERT/CCid:VU#229804
Trust: 3.6
db:NVDid:CVE-2013-7308
Trust: 3.4
db:JVNid:JVNVU96465452
Trust: 0.8
db:JVNDBid:JVNDB-2013-005904
Trust: 0.8
db:CNNVDid:CNNVD-201401-495
Trust: 0.7
db:CNVDid:CNVD-2014-00598
Trust: 0.6
db:BIDid:65161
Trust: 0.4
db:SEEBUGid:SSVID-61492
Trust: 0.1
db:VULHUBid:VHN-67310
Trust: 0.1
sources:
            
            
            CERT/CC: VU#229804 // 
            
            
            
            CNVD: CNVD-2014-00598 // 
            
            
            
            VULHUB: VHN-67310 // 
            
            
            
            BID: 65161 // 
            
            
            
            JVNDB: JVNDB-2013-005904 // 
            
            
            
            CNNVD: CNNVD-201401-495 // 
            
            
            
            NVD: CVE-2013-7308

REFERENCES
url:http://www.kb.cert.org/vuls/id/bluu-985qrv
Trust: 2.8
url:http://www.kb.cert.org/vuls/id/229804
Trust: 2.5
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7308
Trust: 1.4
url:http://tools.ietf.org/html/rfc2328
Trust: 0.8
url:http://en.wikipedia.org/wiki/open_shortest_path_first
Trust: 0.8
url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk94490
Trust: 0.8
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30210
Trust: 0.8
url:https://cp-enterasys.kb.net/article.aspx?article=15134&p=1
Trust: 0.8
url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1019716
Trust: 0.8
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10582&cat=sirt_1&actp=
Trust: 0.8
url:http://jpn.nec.com/security-info/secinfo/nv13-006.html
Trust: 0.8
url:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Trust: 0.8
url:http://www.rtpro.yamaha.co.jp/rt/faq/security/vu96465452.html
Trust: 0.8
url:https://kc.mcafee.com/corporate/index?page=content&id=kb79309&actp=list
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7308
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96465452/
Trust: 0.8
url:http://www.dlink.com/
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/bluu-98ms25
Trust: 0.3
sources:
            
            
            CERT/CC: VU#229804 // 
            
            
            
            CNVD: CNVD-2014-00598 // 
            
            
            
            VULHUB: VHN-67310 // 
            
            
            
            BID: 65161 // 
            
            
            
            JVNDB: JVNDB-2013-005904 // 
            
            
            
            CNNVD: CNNVD-201401-495 // 
            
            
            
            NVD: CVE-2013-7308

CREDITS
Dr. Gabi Nakibly from Rafael Advanced Defense Systems as joint work he conducted with Eitan Menahem, Yuval Elovici and Ariel Waizel of Telekom Innovation Laboratories at Ben Gurion University
Trust: 0.3
sources:
            
            
            BID: 65161

SOURCES
db:CERT/CCid:VU#229804
db:CNVDid:CNVD-2014-00598
db:VULHUBid:VHN-67310
db:BIDid:65161
db:JVNDBid:JVNDB-2013-005904
db:CNNVDid:CNNVD-201401-495
db:NVDid:CVE-2013-7308

LAST UPDATE DATE
2025-04-11T22:53:09.351000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#229804date:2013-12-06T00:00:00
db:CNVDid:CNVD-2014-00598date:2014-01-26T00:00:00
db:VULHUBid:VHN-67310date:2014-01-23T00:00:00
db:BIDid:65161date:2014-01-27T00:00:00
db:JVNDBid:JVNDB-2013-005904date:2014-01-27T00:00:00
db:CNNVDid:CNNVD-201401-495date:2014-01-27T00:00:00
db:NVDid:CVE-2013-7308date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#229804date:2013-08-02T00:00:00
db:CNVDid:CNVD-2014-00598date:2014-01-27T00:00:00
db:VULHUBid:VHN-67310date:2014-01-23T00:00:00
db:BIDid:65161date:2014-01-27T00:00:00
db:JVNDBid:JVNDB-2013-005904date:2014-01-27T00:00:00
db:CNNVDid:CNNVD-201401-495date:2014-01-27T00:00:00
db:NVDid:CVE-2013-7308date:2014-01-23T17:55:05.213