CVE-2013-4806
7.0
Vector
AV:N/AC:M/Au:S/C:P/I:N/A:C
Exploitability: 6.8 / Impact: 7.8
Source: NVD
Description
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
Affected (27)
Products: Hp: 3com Router, 5500 24g 4sfp Hi Switch With 2 Interface Slots, 5500 24g Poe Ei Switch, 5500 24g Poe Si Switch, 5500 24g Sfp Dc Ei Switch, 5500 24g Sfp Ei Switch, 5500 24g Dc Ei Switch, 5500 24g Ei Switch, 5500 24g Si Switch, 5500 48g Poe Ei Switch, 5500 48g Poe Si Switch, 5500 48g Ei Switch, 5500 48g Si Switch, 5500g 24 Ei 10/100/1000 No Power Supply Unit Switch, 5500g 24 Ei Sfp No Power Supply Unit Switch, 5500g 48 Ei 10/100/1000 No Power Supply Unit Switch, H3c Ethernet Switch
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3012 | |
| Version jg311a | |
| Version jd378a | |
| Version jd371a | |
| Version jd379a | |
| Version jd374a | |
| Version jd373a | |
| Version jd377a | |
| Version jd369a | |
| Version jd376a | |
| Version jd372a | |
| Version jd375a | |
| Version jd370a | |
| Version jf551a | |
| Version jf553a | |
| Version jf552a | |
| Version s5600-26c-pwr |
References (4)
Source: hp-security-alert@hp.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.