PT-2013-1007 · Cisco+2 · Cisco Nx-Os+10
Gabi Nakibly
Published: 2013-05-08
Updated: 2014-07-08
CVE-2013-0149
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Cisco IOS versions 12.0 through 12.4
Cisco IOS versions 15.0 through 15.3
Cisco IOS-XE versions 2.x through 3.9.xS
Cisco ASA and PIX versions 7.x through 9.1
Cisco FWSM
Cisco NX-OS
Cisco StarOS versions prior to 14.0.50488
Description
The OSPF implementation in Cisco products does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database. This allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a unicast or multicast packet. An attacker could trigger this vulnerability by injecting crafted OSPF packets, potentially causing flushing of the routing table on a targeted router and propagation of the crafted OSPF LSA type 1 update throughout the OSPF AS domain.
Recommendations
For Cisco IOS versions 12.0 through 12.4, update to a fixed version.
For Cisco IOS versions 15.0 through 15.3, update to a fixed version.
For Cisco IOS-XE versions 2.x through 3.9.xS, update to a fixed version.
For Cisco ASA and PIX versions 7.x through 9.1, update to a fixed version.
For Cisco FWSM, update to a fixed version.
For Cisco NX-OS, update to a fixed version.
For Cisco StarOS versions prior to 14.0.50488, update to version 14.0.50488 or later.
As a temporary workaround, consider restricting access to the OSPF protocol to minimize the risk of exploitation.
Affected Products
Check Point Gaia
Cisco ASA
Cisco FWSM
Cisco IOS
Cisco IOS-XE
Cisco IOS XE
Cisco NX-OS
Cisco Nexus
Cisco PIX
Cisco StarOS
SUSE