Cisco IOS OSPF Opaque LSA DoS (CSCui21030)

medium Nessus Plugin ID 78824

Synopsis

The remote device is affected by a denial of service vulnerability.

Description

The remote Cisco device contains an issue in the OSPF implementation.
The flaw is due to improper parsing of certain options in OSPF link-state advertisement (LSA) type 11 packets. A remote, unauthenticated attacker can cause a denial of service (device reload) via specially crafted OSPF packets with unusual options.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCui21030.

See Also

http://www.nessus.org/u?2a23d9c5

https://tools.cisco.com/security/center/viewAlert.x?alertId=31201

Plugin Details

Severity: Medium

ID: 78824

File Name: cisco-sn-CVE-2013-5527-ios.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 11/3/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5.7

Temporal Score: 4.2

Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/10/2014

Vulnerability Publication Date: 10/10/2013

Reference Information

CVE: CVE-2013-5527

BID: 62904

CISCO-BUG-ID: CSCui21030