CVE-2013-0570 : The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blad

The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166.

Published 2018-07-13 21:29:00

Updated 2018-09-10 12:50:38

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2013-0570

IBM » Network Operating System » Version: N/A
cpe:2.3:o:ibm:network_operating_system:-:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Flex System Fabric Cn4093 » Version: N/A
When used together with: IBM » Flex System Fabric En4093 » Version: N/A
When used together with: IBM » Flex System Si4093 » Version: N/A
When used together with: IBM » Rackswitch G8124 » Version: N/A
When used together with: IBM » Rackswitch G8124-e » Version: N/A
When used together with: IBM » Rackswitch G8124-er » Version: N/A
When used together with: IBM » Rackswitch G8264 » Version: N/A
When used together with: IBM » Rackswitch G8264-t » Version: N/A
When used together with: IBM » Rackswitch G8264cs » Version: N/A
When used together with: IBM » Rackswitch G8316 » Version: N/A
When used together with: IBM » Virtual Fabric » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2013-0570

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-0570

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.9	LOW	AV:A/AC:M/Au:N/C:P/I:N/A:N	5.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	1.6	3.6	NIST
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2013-0570

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-0570

https://www-304.ibm.com/support/docview.wss?uid=isg3T1019715

IBM Security Bulletin: IBM Switches flood Fibre Channel-over-Ethernet (FCoE) data frame out of every port if destination address is not in MAC table (CVE-2013-0570)
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/83166

IBM System Networking switches information disclosure CVE-2013-0570 Vulnerability Report
VDB Entry;Vendor Advisory

Jump to

Vulnerability Details : CVE-2013-0570

Products affected by CVE-2013-0570

Exploit prediction scoring system (EPSS) score for CVE-2013-0570

CVSS scores for CVE-2013-0570

CWE ids for CVE-2013-0570

References for CVE-2013-0570