CVE-2013-4806

Current Description

The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

Basic Data

PublishedAugust 12, 2013
Last ModifiedJanuary 04, 2014
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-noinfo
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:S/C:P/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.0
SeverityHIGH
Exploitability Score6.8
Impact Score7.8
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3HardwareHp3com Router3012*******
    2.3HardwareHp3com Router3018*******
    2.3HardwareHp3com Router5012*******
    2.3HardwareHp3com Router5232*******
    2.3HardwareHp3com Router5642*******
    2.3HardwareHp3com Router5642_taa*******
    2.3HardwareHp3com Router5682*******
    2.3HardwareHp5500-24g-4sfp Hi Switch With 2 Interface Slotsjg311a*******
    2.3HardwareHp5500-24g-poe Ei Switchjd378a*******
    2.3HardwareHp5500-24g-poe Si Switchjd371a*******
    2.3HardwareHp5500-24g-sfp Dc Ei Switchjd379a*******
    2.3HardwareHp5500-24g-sfp Ei Switchjd374a*******
    2.3HardwareHp5500-24g Dc Ei Switchjd373a*******
    2.3HardwareHp5500-24g Ei Switchjd377a*******
    2.3HardwareHp5500-24g Si Switchjd369a*******
    2.3HardwareHp5500-48g-poe Ei Switchjd376a*******
    2.3HardwareHp5500-48g-poe Si Switchjd372a*******
    2.3HardwareHp5500-48g Ei Switchjd375a*******
    2.3HardwareHp5500-48g Si Switchjd370a*******
    2.3HardwareHp5500g-24 Ei 10/100/1000 No Power Supply Unit Switchjf551a*******
    2.3HardwareHp5500g-24 Ei Sfp No Power Supply Unit Switchjf553a*******
    2.3HardwareHp5500g-48 Ei 10/100/1000 No Power Supply Unit Switchjf552a*******
    2.3HardwareHpH3c Ethernet Switchs5600-26c*******
    2.3HardwareHpH3c Ethernet Switchs5600-26c-pwr*******
    2.3HardwareHpH3c Ethernet Switchs5600-26f*******
    2.3HardwareHpH3c Ethernet Switchs5600-50c*******
    2.3HardwareHpH3c Ethernet Switchs5600-50c-pwr*******

Vulnerable Software List

VendorProductVersions
Hp 5500-48g Si Switch jd370a
Hp 5500g-24 Ei 10/100/1000 No Power Supply Unit Switch jf551a
Hp 5500g-24 Ei Sfp No Power Supply Unit Switch jf553a
Hp 5500g-48 Ei 10/100/1000 No Power Supply Unit Switch jf552a
Hp 5500-24g-4sfp Hi Switch With 2 Interface Slots jg311a
Hp 5500-24g-poe Ei Switch jd378a
Hp 5500-24g-poe Si Switch jd371a
Hp 5500-24g-sfp Dc Ei Switch jd379a
Hp 5500-24g-sfp Ei Switch jd374a
Hp 3com Router 3012, 3018, 5012, 5232, 5642, 5642_taa, 5682
Hp 5500-24g Dc Ei Switch jd373a
Hp 5500-24g Ei Switch jd377a
Hp 5500-24g Si Switch jd369a
Hp H3c Ethernet Switch s5600-26c, s5600-26c-pwr, s5600-26f, s5600-50c, s5600-50c-pwr
Hp 5500-48g-poe Ei Switch jd376a
Hp 5500-48g-poe Si Switch jd372a
Hp 5500-48g Ei Switch jd375a

References

NameSourceURLTags
VU#229804http://www.kb.cert.org/vuls/id/229804CERT-VNUS Government Resource
SSRT101224https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03880910HPVendor Advisory