Adi Sosnovich

Name of the Vulnerable Software and Affected Versions: Open Shortest Path First (OSPF) protocol implementations (affected versions not specified) Description: The issue arises from improper determination of Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to the protocol, when sequence numbers are the same, the LSA with the larger checksum is considered more recent. An attacker can craft a LSA with MaxSequenceNumber and invalid links, resulting in a larger checksum, which will not be flushed from the Link State Database (LSDB). This can lead to the erasure or alteration of routing tables, causing a denial of service condition or re-routing of traffic. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AC6005 version V200R006C10SPC200 AC6605 version V200R006C10SPC200 AR1200 versions V200R005C10CP0582T through V200R005C10HP0581T, V200R005C20SPC026T AR200 version V200R005C20SPC026T AR3200 version V200R005C20SPC026T CloudEngine 12800 versions V100R003C00 through V100R006C00, V200R001C00 CloudEngine 5800 versions V100R003C00 through V100R006C00, V200R001C00 CloudEngine 6800 versions V100R003C00 through V100R006C00, V200R001C00 CloudEngine 7800 versions V100R003C00 through V100R006C00, V200R001C00 CloudEngine 8800 versions V100R006C00, V200R001C00 E600 version V200R008C00 S12700 versions V200R005C00 through V200R008C00 S1700 versions V100R006C00 through V100R007C00, V200R006C00 S2300 versions V100R005C00 through V100R008C00 S2700 versions V100R005C00 through V100R008C00 S5300 versions V100R005C00 through V100R008C00 S5700 versions V100R005C00 through V100R008C00 S6300 versions V100R006C00, V200R001C00 through V200R008C00 S6700 versions V100R006C00, V200R001C00 through V200R008C00 S7700 versions V100R003C00, V100R006C00, V200R001C00 through V200R008C00 S9300 versions V100R001C00 through V100R008C00, V200R008C10 S9700 versions V200R001C00 through V200R008C00 Secospace USG6600 version V500R001C00SPC050 **Description** The issue is due to improper OSPF implementation, which can be exploited when the device receives special LSA packets, setting the LS age to MaxAge, 3600 seconds. This can lead to route table poisoning and a DoS attack. **Recommendations** For each affected version, update the software to a version that is not vulnerable to this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.