Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Published: 2014-01-23
Updated: 2014-01-23
Summary
The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. Per: http://cwe.mitre.org/data/definitions/694.html "CWE-694: Use of Multiple Resources with Duplicate Identifier"
Vulnerable Configurations
Part | Description | Count |
Hardware | Nec | 12 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 65170 CVE(CAN) ID: CVE-2013-7314 NEC是日本一家跨国信息技术公司,为商业企业、通信服务以及政府提供信息技术和网络产品。 NEC IP38X, IX1000, IX2000, IX3000路由器的OSPF实现中,执行LSA数据库操作之前没有考虑链路状态广告(LSA)数据包内的重复链路状态ID值,这可使远程攻击者通过特制的LSA数据包,造成拒绝服务(路由中断)或获取敏感数据包信息。 0 NEC IP38X NEC IX1000 NEC IX2000 NEC IX3000 厂商补丁: NEC --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.nec.com.sg/index.php?q=products/enterprise-servers |
id | SSV:61419 |
last seen | 2017-11-19 |
modified | 2014-02-12 |
published | 2014-02-12 |
reporter | Root |
title | 多个NEC产品远程安全限制绕过漏洞 |