Gabi Nakibly

#8081 of 53,635
34 CVSS total
Vulnerabilities · 5
Medium: 2
High: 3
PT-2017-18156
7.5
2017-07-20
Huawei · Cloudengine 6800 · CVE-2017-8147
**Name of the Vulnerable Software and Affected Versions**

- AC6005 version V200R006C10SPC200
- AC6605 version V200R006C10SPC200
- AR1200 versions V200R005C10CP0582T through V200R005C10HP0581T, V200R005C20SPC026T
- AR200 version V200R005C20SPC026T
- AR3200 version V200R005C20SPC026T
- CloudEngine 12800 versions V100R003C00 through V100R006C00, V200R001C00
- CloudEngine 5800 versions V100R003C00 through V100R006C00, V200R001C00
- CloudEngine 6800 versions V100R003C00 through V100R006C00, V200R001C00
- CloudEngine 7800 versions V100R003C00 through V100R006C00, V200R001C00
- CloudEngine 8800 versions V100R006C00, V200R001C00
- E600 version V200R008C00
- S12700 versions V200R005C00 through V200R008C00
- S1700 versions V100R006C00 through V100R007C00, V200R006C00
- S2300 versions V100R005C00 through V100R008C00
- S2700 versions V100R005C00 through V100R008C00
- S5300 versions V100R005C00 through V100R008C00
- S5700 versions V100R005C00 through V100R008C00
- S6300 versions V100R006C00, V200R001C00 through V200R008C00
- S6700 versions V100R006C00, V200R001C00 through V200R008C00
- S7700 versions V100R003C00, V100R006C00, V200R001C00 through V200R008C00
- S9300 versions V100R001C00 through V100R008C00, V200R008C10
- S9700 versions V200R001C00 through V200R008C00
- Secospace USG6600 version V500R001C00SPC050

**Description**

The issue is due to improper OSPF implementation, which can be exploited when the device receives special LSA packets, setting the LS age to MaxAge, 3600 seconds. This can lead to route table poisoning and a DoS attack.

**Recommendations**

For each affected version, update the software to a version that is not vulnerable to this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2013-1007
5.8
2013-05-08
Cisco · Cisco Nx-Os · CVE-2013-0149
**Name of the Vulnerable Software and Affected Versions**

- Cisco IOS versions 12.0 through 12.4
- Cisco IOS versions 15.0 through 15.3
- Cisco IOS-XE versions 2.x through 3.9.xS
- Cisco ASA and PIX versions 7.x through 9.1
- Cisco FWSM
- Cisco NX-OS
- Cisco StarOS versions prior to 14.0.50488

**Description**

The OSPF implementation in Cisco products does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database. This allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a unicast or multicast packet. An attacker could trigger this vulnerability by injecting crafted OSPF packets, potentially causing flushing of the routing table on a targeted router and propagation of the crafted OSPF LSA type 1 update throughout the OSPF AS domain.

**Recommendations**

- For Cisco IOS versions 12.0 through 12.4, update to a fixed version.
- For Cisco IOS versions 15.0 through 15.3, update to a fixed version.
- For Cisco IOS-XE versions 2.x through 3.9.xS, update to a fixed version.
- For Cisco ASA and PIX versions 7.x through 9.1, update to a fixed version.
- For Cisco FWSM, update to a fixed version.
- For Cisco NX-OS, update to a fixed version.
- For Cisco StarOS versions prior to 14.0.50488, update to version 14.0.50488 or later.

As a temporary workaround, consider restricting access to the OSPF protocol to minimize the risk of exploitation.