Cisco Open Network Environment Platform Unvalidated Pointer (CSCui51551)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A vulnerability in the Open Network Environment Platform (ONEP) could
allow an authenticated, remote attacker to cause the network element to
reload.

The vulnerability is due to insufficient pointer validation. An
attacker could exploit this vulnerability by sending a crafted packet to
an ONEP-enabled network element. Successful exploitation could allow
the attacker to cause the network element to reload.

See also :

http://www.nessus.org/u?a4341ee5

Solution :

Apply the patch referenced in Cisco Bug Id CSCui51551.

Risk factor :

Medium / CVSS Base Score : 6.3
(CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C)
CVSS Temporal Score : 5.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 70399 ()

Bugtraq ID: 62403

CVE ID: CVE-2013-5496