Vulnerability Details : CVE-2013-5385
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2013-5385
- cpe:2.3:o:ibm:z\/os:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:i:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:i:6.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5385
- 0.55%: Probability of exploitation activity in the next 30 days
- ~74%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-5385
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:N/A:C | 10.0 | 7.8 | NIST | |
CWE ids for CVE-2013-5385
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5385
- http://www.kb.cert.org/vuls/id/229804
  VU#229804 - Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers (US Government Resource)
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716
  IBM Security Bulletin: Vulnerability in OSPFv2 Routing Protocol Used in IBM System Networking Ethernet Switches (CVE-2013-5385)
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309
  IBM Security Bulletin: Vulnerability in OSPFv2 Routing Protocol Used in IBM i Operating System (CVE-2013-0149 and CVE-2013-5385) (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/BLUU-985QTG
  VU#229804 - Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers