Vulnerability Details : CVE-2013-5385
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-5385
Probability of exploitation activity in the next 30 days: 0.55%
Percentile, the proportion of vulnerabilities that are scored at or less: ~74%
CVSS scores for CVE-2013-5385
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
8.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:N/A:C | 10.0 | 7.8 | NIST |
CWE ids for CVE-2013-5385
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5385
- http://www.kb.cert.org/vuls/id/229804
  VU#229804 - Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers [US Government Resource]
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716
  IBM Security Bulletin: Vulnerability in OSPFv2 Routing Protocol Used in IBM System Networking Ethernet Switches (CVE-2013-5385)
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309
  IBM Security Bulletin: Vulnerability in OSPFv2 Routing Protocol Used in IBM i Operating System (CVE-2013-0149 and CVE-2013-5385) [Vendor Advisory]
- http://www.kb.cert.org/vuls/id/BLUU-985QTG
  VU#229804 - Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers
Products affected by CVE-2013-5385
- cpe:2.3:o:ibm:z\/os:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:i:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:i:6.1:*:*:*:*:*:*:*