Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-7312

The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

Published

2014-01-23T17:55:05.540

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.4 (MEDIUM)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

5.5

Impact Score

6.4

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Hardware enterasys c5 - Yes
Hardware enterasys g3 - Yes
Hardware enterasys k10 - Yes
Hardware enterasys k6 - Yes
Hardware enterasys s130 - Yes
Hardware enterasys s140 - Yes
Hardware enterasys s150 - Yes
Hardware enterasys s155 - Yes
Hardware enterasys s180 - Yes
References