Sign-up

ID

VAR-201401-0487


CVE

CVE-2013-7309


TITLE

Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers

Trust: 0.8

sources: CERT/CC: VU#229804

DESCRIPTION

The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. The Open Shortest Path First (OSPF) protocol does not specify unique Link State Advertisement (LSA) lookup identifiers, which allow an attacker to intercept traffic or conduct a Denial of Service (DoS) attack. This vulnerability CVE-2013-0149 And related issues. Supplementary information : CWE Vulnerability type by CWE-694: Use of Multiple Resources with Duplicate Identifier ( Using multiple resources with duplicate identifiers ) Has been identified. Extreme Networks EXOS is a network equipment product. information. ExtremeXOS is prone to a remote security-bypass vulnerability due to an error in the OSPF protocol specification. Exploiting this issue could allow an attacker to bypass certain security restrictions and take full control of the OSPF AS domain routing table, blackholed traffic, and intercepted traffic. This may aid in further attacks

Trust: 3.15

sources: NVD: CVE-2013-7309 // CERT/CC: VU#229804 // JVNDB: JVNDB-2013-005893 // CNVD: CNVD-2014-00597 // BID: 65162

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00597

AFFECTED PRODUCTS

vendor:extremenetworksmodel:exosscope:eqversion: -

Trust: 1.6

vendor:brocademodel: - scope: - version: -

Trust: 0.8

vendor:check pointmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:d linkmodel: - scope: - version: -

Trust: 0.8

vendor:enterasysmodel: - scope: - version: -

Trust: 0.8

vendor:extrememodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:necmodel: - scope: - version: -

Trust: 0.8

vendor:oraclemodel: - scope: - version: -

Trust: 0.8

vendor:vyattamodel: - scope: - version: -

Trust: 0.8

vendor:yamahamodel: - scope: - version: -

Trust: 0.8

vendor:extrememodel:extremexosscope: - version: -

Trust: 0.8

vendor:extrememodel:networks exosscope: - version: -

Trust: 0.6

vendor:extremenetworksmodel:exosscope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#229804 // CNVD: CNVD-2014-00597 // BID: 65162 // JVNDB: JVNDB-2013-005893 // CNNVD: CNNVD-201401-494 // NVD: CVE-2013-7309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7309
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-0149
value: MEDIUM

Trust: 0.8

NVD: CVE-2013-7309
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00597
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-494
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2013-7309
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2013-0149
severity: MEDIUM
baseScore: 5.4
vectorString: NONE
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-00597
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CERT/CC: VU#229804 // CNVD: CNVD-2014-00597 // JVNDB: JVNDB-2013-005893 // CNNVD: CNNVD-201401-494 // NVD: CVE-2013-7309

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2013-005893 // NVD: CVE-2013-7309

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201401-494

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201401-494

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005893

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#229804

PATCH
title:Top Pageurl:http://www.extremenetworks.com/
Trust: 0.8
title:Extreme Networks EXOS OSPF Routing Protocol Implementation Design Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/43163
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00597 // 
            
            
            
            JVNDB: JVNDB-2013-005893

EXTERNAL IDS
db:CERT/CCid:VU#229804
Trust: 4.1
db:NVDid:CVE-2013-7309
Trust: 3.3
db:JVNid:JVNVU96465452
Trust: 0.8
db:JVNDBid:JVNDB-2013-005893
Trust: 0.8
db:CNVDid:CNVD-2014-00597
Trust: 0.6
db:CERT/CCid:HTTP://WWW.KB.CERT.ORG/VULS/ID/BLUU-985QSE
Trust: 0.6
db:CNNVDid:CNNVD-201401-494
Trust: 0.6
db:BIDid:65162
Trust: 0.3
sources:
            
            
            CERT/CC: VU#229804 // 
            
            
            
            CNVD: CNVD-2014-00597 // 
            
            
            
            BID: 65162 // 
            
            
            
            JVNDB: JVNDB-2013-005893 // 
            
            
            
            CNNVD: CNNVD-201401-494 // 
            
            
            
            NVD: CVE-2013-7309

REFERENCES
url:http://www.kb.cert.org/vuls/id/bluu-985qse
Trust: 3.3
url:http://www.kb.cert.org/vuls/id/229804
Trust: 3.0
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7309
Trust: 1.4
url:http://tools.ietf.org/html/rfc2328
Trust: 0.8
url:http://en.wikipedia.org/wiki/open_shortest_path_first
Trust: 0.8
url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk94490
Trust: 0.8
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30210
Trust: 0.8
url:https://cp-enterasys.kb.net/article.aspx?article=15134&p=1
Trust: 0.8
url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1019716
Trust: 0.8
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10582&cat=sirt_1&actp=
Trust: 0.8
url:http://jpn.nec.com/security-info/secinfo/nv13-006.html
Trust: 0.8
url:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Trust: 0.8
url:http://www.rtpro.yamaha.co.jp/rt/faq/security/vu96465452.html
Trust: 0.8
url:https://kc.mcafee.com/corporate/index?page=content&id=kb79309&actp=list
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7309
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96465452/
Trust: 0.8
url:http://www.extremenetworks.com/
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/bluu-98ms25
Trust: 0.3
sources:
            
            
            CERT/CC: VU#229804 // 
            
            
            
            CNVD: CNVD-2014-00597 // 
            
            
            
            BID: 65162 // 
            
            
            
            JVNDB: JVNDB-2013-005893 // 
            
            
            
            CNNVD: CNNVD-201401-494 // 
            
            
            
            NVD: CVE-2013-7309

CREDITS
Dr. Gabi Nakibly from Rafael Advanced Defense Systems as joint work he conducted with Eitan Menahem, Yuval Elovici and Ariel Waizel of Telekom Innovation Laboratories at Ben Gurion University
Trust: 0.3
sources:
            
            
            BID: 65162

SOURCES
db:CERT/CCid:VU#229804
db:CNVDid:CNVD-2014-00597
db:BIDid:65162
db:JVNDBid:JVNDB-2013-005893
db:CNNVDid:CNNVD-201401-494
db:NVDid:CVE-2013-7309

LAST UPDATE DATE
2025-04-11T22:53:08.400000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#229804date:2013-12-06T00:00:00
db:CNVDid:CNVD-2014-00597date:2014-01-26T00:00:00
db:BIDid:65162date:2014-01-23T00:00:00
db:JVNDBid:JVNDB-2013-005893date:2014-01-24T00:00:00
db:CNNVDid:CNNVD-201401-494date:2014-03-12T00:00:00
db:NVDid:CVE-2013-7309date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#229804date:2013-08-02T00:00:00
db:CNVDid:CNVD-2014-00597date:2014-01-27T00:00:00
db:BIDid:65162date:2014-01-23T00:00:00
db:JVNDBid:JVNDB-2013-005893date:2014-01-24T00:00:00
db:CNNVDid:CNNVD-201401-494date:2014-01-27T00:00:00
db:NVDid:CVE-2013-7309date:2014-01-23T17:55:05.243