CVE-2013-7314 : The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does no

The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

Published 2014-01-23 17:55:06

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2013-7314

NEC » Ip38x 3000 » Version: N/A
cpe:2.3:h:nec:ip38x_3000:-:*:*:*:*:*:*:*
Matching versions
NEC » Ip38x 1200 » Version: N/A
cpe:2.3:h:nec:ip38x_1200:-:*:*:*:*:*:*:*
Matching versions
NEC » Ip38x 810 » Version: N/A
cpe:2.3:h:nec:ip38x_810:-:*:*:*:*:*:*:*
Matching versions
NEC » Ip38x 250i » Version: N/A
cpe:2.3:h:nec:ip38x_250i:-:*:*:*:*:*:*:*
Matching versions
NEC » Ip38x 1100 » Version: N/A
cpe:2.3:h:nec:ip38x_1100:-:*:*:*:*:*:*:*
Matching versions
NEC » Ip38x 1500 » Version: N/A
cpe:2.3:h:nec:ip38x_1500:-:*:*:*:*:*:*:*
Matching versions
NEC » Ip38x 107e » Version: N/A
cpe:2.3:h:nec:ip38x_107e:-:*:*:*:*:*:*:*
Matching versions
NEC » Ip38x 1000 » Version: N/A
cpe:2.3:h:nec:ip38x_1000:-:*:*:*:*:*:*:*
Matching versions
NEC » Ip38x 2000 » Version: N/A
cpe:2.3:h:nec:ip38x_2000:-:*:*:*:*:*:*:*
Matching versions
NEC » Ip38x 105 » Version: N/A
cpe:2.3:h:nec:ip38x_105:-:*:*:*:*:*:*:*
Matching versions
NEC » Ip38x 140 » Version: N/A
cpe:2.3:h:nec:ip38x_140:-:*:*:*:*:*:*:*
Matching versions
NEC » Ip38x 300 » Version: N/A
cpe:2.3:h:nec:ip38x_300:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-7314

EPSS FAQ

1.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 75 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-7314

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2013-7314

http://www.kb.cert.org/vuls/id/229804

VU#229804 - Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers
US Government Resource

CVEs referencing this url
http://www.kb.cert.org/vuls/id/BLUU-985QUQ

VU#229804 - Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers
US Government Resource
http://jpn.nec.com/univerge/ix/Support/CERT/VU229804.html

IX1000/IX2000/IX3000シリーズOSPF脆弱性問題(VU#229804)に関する御報告 : UNIVERGE IXシリーズ | NEC
Vendor Advisory
http://jpn.nec.com/security-info/secinfo/nv13-006.html

NV13-006: NEC製品セキュリティ情報 | NEC
Vendor Advisory

Jump to

Vulnerability Details : CVE-2013-7314

Products affected by CVE-2013-7314

Exploit prediction scoring system (EPSS) score for CVE-2013-7314

CVSS scores for CVE-2013-7314

References for CVE-2013-7314