Vulnerabilities > CVE-2013-7314 - Unspecified vulnerability in NEC products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
nec

Summary

The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. Per: http://cwe.mitre.org/data/definitions/694.html "CWE-694: Use of Multiple Resources with Duplicate Identifier"

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 65170 CVE(CAN) ID: CVE-2013-7314 NEC是日本一家跨国信息技术公司,为商业企业、通信服务以及政府提供信息技术和网络产品。 NEC IP38X, IX1000, IX2000, IX3000路由器的OSPF实现中,执行LSA数据库操作之前没有考虑链路状态广告(LSA)数据包内的重复链路状态ID值,这可使远程攻击者通过特制的LSA数据包,造成拒绝服务(路由中断)或获取敏感数据包信息。 0 NEC IP38X NEC IX1000 NEC IX2000 NEC IX3000 厂商补丁: NEC --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.nec.com.sg/index.php?q=products/enterprise-servers
idSSV:61419
last seen2017-11-19
modified2014-02-12
published2014-02-12
reporterRoot
title多个NEC产品远程安全限制绕过漏洞