Cisco IOS XE OSPF Opaque LSA DoS (CSCui21030)

medium Nessus Plugin ID 78825

Synopsis

The remote device is affected by a denial of service vulnerability.

Description

The remote Cisco device is affected by a denial of service vulnerability due to improper parsing of certain options in OSPF link-state advertisement (LSA) type 11 packets. A remote, unauthenticated attacker using specially crafted OSPF packets with unusual options can cause a device reload, resulting in a denial of service.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCui21030.

See Also

http://www.nessus.org/u?2a23d9c5

https://tools.cisco.com/security/center/viewAlert.x?alertId=31201

Plugin Details

Severity: Medium

ID: 78825

File Name: cisco-sn-CVE-2013-5527-iosxe.nasl

Version: 1.9

Type: local

Family: CISCO

Published: 11/3/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5.7

Temporal Score: 4.2

Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/10/2014

Vulnerability Publication Date: 10/10/2013

Reference Information

CVE: CVE-2013-5527

BID: 62904

CISCO-BUG-ID: CSCui21030