Sign-up

ID

VAR-201311-0305


CVE

CVE-2013-5565


TITLE

Cisco IOS XR of OSPFv3 Service disruption in functionality (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005053

DESCRIPTION

The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. An attacker can exploit this issue to cause the OSPFv3 process to crash on an affected device, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCuj82176. The vulnerability is caused by the program not correctly parsing LSA Type-1 packets

Trust: 2.52

sources: NVD: CVE-2013-5565 // JVNDB: JVNDB-2013-005053 // CNVD: CNVD-2013-14417 // BID: 63563 // VULHUB: VHN-65567

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-14417

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:eqversion:5.1.0

Trust: 1.6

vendor:ciscomodel:ios xrscope:eqversion:5.1

Trust: 0.8

vendor:ciscomodel:ios xrscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2013-14417 // JVNDB: JVNDB-2013-005053 // CNNVD: CNNVD-201311-107 // NVD: CVE-2013-5565

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5565
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5565
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-14417
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201311-107
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65567
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5565
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-14417
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65567
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-14417 // VULHUB: VHN-65567 // JVNDB: JVNDB-2013-005053 // CNNVD: CNNVD-201311-107 // NVD: CVE-2013-5565

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-65567 // JVNDB: JVNDB-2013-005053 // NVD: CVE-2013-5565

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-107

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201311-107

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005053

PATCH
title:Cisco IOS XR Software OSPFv3 Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5565
Trust: 0.8
title:31675url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31675
Trust: 0.8
title:Patch for Cisco IOS XR 'OSPFv3' Feature Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/41021
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-14417 // 
            
            
            
            JVNDB: JVNDB-2013-005053

EXTERNAL IDS
db:NVDid:CVE-2013-5565
Trust: 3.4
db:BIDid:63563
Trust: 1.6
db:JVNDBid:JVNDB-2013-005053
Trust: 0.8
db:CNVDid:CNVD-2013-14417
Trust: 0.6
db:CISCOid:20131106 CISCO IOS XR SOFTWARE OSPFV3 DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:NSFOCUSid:25244
Trust: 0.6
db:CNNVDid:CNNVD-201311-107
Trust: 0.6
db:VULHUBid:VHN-65567
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-14417 // 
            
            
            
            VULHUB: VHN-65567 // 
            
            
            
            BID: 63563 // 
            
            
            
            JVNDB: JVNDB-2013-005053 // 
            
            
            
            CNNVD: CNNVD-201311-107 // 
            
            
            
            NVD: CVE-2013-5565

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5565
Trust: 2.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=31675
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5565
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5565
Trust: 0.8
url:http://www.securityfocus.com/bid/63563
Trust: 0.6
url:http://www.nsfocus.net/vulndb/25244
Trust: 0.6
url:http://www.cisco.com/en/us/products/ps5845/index.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-14417 // 
            
            
            
            VULHUB: VHN-65567 // 
            
            
            
            BID: 63563 // 
            
            
            
            JVNDB: JVNDB-2013-005053 // 
            
            
            
            CNNVD: CNNVD-201311-107 // 
            
            
            
            NVD: CVE-2013-5565

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 63563 // 
            
            
            
            CNNVD: CNNVD-201311-107

SOURCES
db:CNVDid:CNVD-2013-14417
db:VULHUBid:VHN-65567
db:BIDid:63563
db:JVNDBid:JVNDB-2013-005053
db:CNNVDid:CNNVD-201311-107
db:NVDid:CVE-2013-5565

LAST UPDATE DATE
2024-11-23T22:18:43.606000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-14417date:2013-11-12T00:00:00
db:VULHUBid:VHN-65567date:2013-11-14T00:00:00
db:BIDid:63563date:2013-11-11T00:42:00
db:JVNDBid:JVNDB-2013-005053date:2013-11-11T00:00:00
db:CNNVDid:CNNVD-201311-107date:2013-11-08T00:00:00
db:NVDid:CVE-2013-5565date:2024-11-21T01:57:42.890

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-14417date:2013-11-12T00:00:00
db:VULHUBid:VHN-65567date:2013-11-08T00:00:00
db:BIDid:63563date:2013-11-06T00:00:00
db:JVNDBid:JVNDB-2013-005053date:2013-11-11T00:00:00
db:CNNVDid:CNNVD-201311-107date:2013-11-08T00:00:00
db:NVDid:CVE-2013-5565date:2013-11-08T04:47:23.057