Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-7314

The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

Published

2014-01-23T17:55:05.633

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Hardware nec ip38x_1000 - Yes
Hardware nec ip38x_105 - Yes
Hardware nec ip38x_107e - Yes
Hardware nec ip38x_1100 - Yes
Hardware nec ip38x_1200 - Yes
Hardware nec ip38x_140 - Yes
Hardware nec ip38x_1500 - Yes
Hardware nec ip38x_2000 - Yes
Hardware nec ip38x_250i - Yes
Hardware nec ip38x_300 - Yes
Hardware nec ip38x_3000 - Yes
Hardware nec ip38x_810 - Yes
References