Cisco IOS 12.0 OSPF Link State Advertisment Database privileges management
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, was found in Cisco IOS 12.0. Affected is an unknown function of the component OSPF Link State Advertisment Database. Executing a manipulation can lead to privileges management. The identification of this vulnerability is CVE-2013-0149. There is no exploit available. You should upgrade the affected component.
Details
A vulnerability was found in Cisco IOS 12.0 (Router Operating System). It has been declared as critical. This vulnerability affects some unknown functionality of the component OSPF Link State Advertisment Database. The manipulation with an unknown input leads to a privileges management vulnerability. The CWE definition for the vulnerability is CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. As an impact it is known to affect confidentiality, and availability. CVE summarizes:
The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.
The weakness was shared 08/01/2013 by Dr. Gabi Nakibly with Rafael Advanced Defense Systems as cisco-sa-20130801-lsaospf as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability was named CVE-2013-0149 since 12/06/2012. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.
The vulnerability scanner Nessus provides a plugin with the ID 69379 (OSPF LSA Manipulation Vulnerability in Cisco NX-OS (cisco-sa-20130801-lsaospf)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 43308 (Cisco IOS and Cisco ASA OSPF LSA Manipulation Vulnerability (cisco-sa-20130801-lsaospf)).
Upgrading eliminates this vulnerability. The upgrade is hosted for download at tools.cisco.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (84112), Tenable (69379), SecurityFocus (BID 61566†) and OSVDB (95909†). The entries VDB-9894 and VDB-10802 are related to this item. Once again VulDB remains the best source for vulnerability data.
Affected
- PIX
- Cisco IOS
- ASA
- FWSM
- NX-OS
- IOS-XE
- StarOS
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 5.7
VulDB Base Score: 6.5
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Privileges managementCWE: CWE-269 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 69379
Nessus Name: OSPF LSA Manipulation Vulnerability in Cisco NX-OS (cisco-sa-20130801-lsaospf)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 63377
OpenVAS Name: Junos OSPF Protocol Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: tools.cisco.com
Timeline
12/06/2012 🔍08/01/2013 🔍
08/01/2013 🔍
08/01/2013 🔍
08/05/2013 🔍
08/06/2013 🔍
08/16/2013 🔍
08/13/2024 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20130801-lsaospf
Researcher: Dr. Gabi Nakibly
Organization: Rafael Advanced Defense Systems
Status: Confirmed
CVE: CVE-2013-0149 (🔍)
GCVE (CVE): GCVE-0-2013-0149
GCVE (VulDB): GCVE-100-9844
OVAL: 🔍
IAVM: 🔍
CERT: 🔍
X-Force: 84112 - Open Shortest Path First (OSPF) protocol LSA lookup denial of service, High Risk
SecurityFocus: 61566 - Multiple Cisco Products CVE-2013-0149 Remote Security Bypass Vulnerability
OSVDB: 95909
See also: 🔍
Entry
Created: 08/06/2013 11:45Updated: 08/13/2024 08:15
Changes: 08/06/2013 11:45 (81), 04/29/2019 18:37 (4), 08/13/2024 08:15 (17)
Complete: 🔍
Committer: olku
Cache ID: 216:B5D:103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.