OSPF LSA Manipulation Vulnerability in Cisco NX-OS (cisco-sa-20130801-lsaospf)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

The remote Cisco NX-OS device is affected by a vulnerability involving
the Open Shortest Path First (OSPF) routing protocol Link State
Advertisement (LSA) database. By injecting specially crafted OSPF
packets, an unauthenticated attacker could manipulate or disrupt the
flow of network traffic through the device.

See also :

http://www.nessus.org/u?58c1354a

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20130801-lsaospf.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 69379 ()

Bugtraq ID: 61566

CVE ID: CVE-2013-0149