Details of VAR-201310-0510

ID

VAR-201310-0510

CVE

CVE-2013-5527

TITLE

Cisco IOS and IOS XE of OSPF Denial of service in function (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004600

DESCRIPTION

The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Exploiting this issue may allow attackers to cause a reload of the affected device. This may cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCui21030

Trust: 2.52

sources: NVD: CVE-2013-5527 // JVNDB: JVNDB-2013-004600 // CNVD: CNVD-2013-13657 // BID: 62904 // VULHUB: VHN-65529

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13657

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	ios	scope:	lte	version:	15.4(3)s	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	lte	version:	3.9s (.1)	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2013-13657 // BID: 62904 // JVNDB: JVNDB-2013-004600 // CNNVD: CNNVD-201310-151 // NVD: CVE-2013-5527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5527
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5527
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-13657
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201310-151
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65529
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5527
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13657
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65529
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-13657 // VULHUB: VHN-65529 // JVNDB: JVNDB-2013-004600 // CNNVD: CNNVD-201310-151 // NVD: CVE-2013-5527

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-65529 // JVNDB: JVNDB-2013-004600 // NVD: CVE-2013-5527

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201310-151

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-151

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004600

PATCH

title:	Cisco IOS Software OSPF Opaque LSA Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5527	Trust: 0.8
title:	31201	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31201	Trust: 0.8
title:	Patch for Cisco IOS and IOS XE OSPF Denial of Service Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/40136	Trust: 0.6

sources: CNVD: CNVD-2013-13657 // JVNDB: JVNDB-2013-004600

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5527	Trust: 3.4
db:	BID	id:	62904	Trust: 2.0
db:	OSVDB	id:	98253	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004600	Trust: 0.8
db:	CNVD	id:	CNVD-2013-13657	Trust: 0.6
db:	CISCO	id:	20131009 CISCO IOS SOFTWARE OSPF OPAQUE LSA DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-201310-151	Trust: 0.6
db:	VULHUB	id:	VHN-65529	Trust: 0.1

sources: CNVD: CNVD-2013-13657 // VULHUB: VHN-65529 // BID: 62904 // JVNDB: JVNDB-2013-004600 // CNNVD: CNNVD-201310-151 // NVD: CVE-2013-5527

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5527	Trust: 2.3
url:	http://www.securityfocus.com/bid/62904	Trust: 1.1
url:	http://osvdb.org/98253	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87762	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5527	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5527	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2013-13657 // VULHUB: VHN-65529 // BID: 62904 // JVNDB: JVNDB-2013-004600 // CNNVD: CNNVD-201310-151 // NVD: CVE-2013-5527

CREDITS

Cisco

Trust: 0.3

sources: BID: 62904

SOURCES

db:	CNVD	id:	CNVD-2013-13657
db:	VULHUB	id:	VHN-65529
db:	BID	id:	62904
db:	JVNDB	id:	JVNDB-2013-004600
db:	CNNVD	id:	CNNVD-201310-151
db:	NVD	id:	CVE-2013-5527

LAST UPDATE DATE

2024-11-23T22:23:13.109000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13657	date:	2013-10-12T00:00:00
db:	VULHUB	id:	VHN-65529	date:	2017-08-29T00:00:00
db:	BID	id:	62904	date:	2013-10-10T20:34:00
db:	JVNDB	id:	JVNDB-2013-004600	date:	2013-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201310-151	date:	2013-10-11T00:00:00
db:	NVD	id:	CVE-2013-5527	date:	2024-11-21T01:57:38.647

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13657	date:	2013-10-12T00:00:00
db:	VULHUB	id:	VHN-65529	date:	2013-10-10T00:00:00
db:	BID	id:	62904	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004600	date:	2013-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201310-151	date:	2013-10-11T00:00:00
db:	NVD	id:	CVE-2013-5527	date:	2013-10-10T10:55:06.770