PT-2013-5205 · Hewlett Packard · Hp Jd9##A+8
Published
2013-08-12
·
Updated
2014-01-04
·
CVE-2013-4806
CVSS v2.0
7.0
High
| Vector | AV:N/AC:M/Au:S/C:P/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
HP JD9##A routers version (affected versions not specified)
HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches version (affected versions not specified)
HP 3COM routers and switches version (affected versions not specified)
HP H3C routers and switches version (affected versions not specified)
Description
The issue is related to the OSPF implementation, which does not account for duplicate Link State ID values in Link State Advertisement (LSA) packets. This allows remote authenticated users to cause a denial of service, resulting in routing disruption, or obtain sensitive packet information by sending a crafted LSA packet.
Recommendations
For HP JD9##A routers, update the OSPF implementation to consider duplicate Link State ID values.
For HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches, update the OSPF implementation to consider duplicate Link State ID values.
For HP 3COM routers and switches, update the OSPF implementation to consider duplicate Link State ID values.
For HP H3C routers and switches, update the OSPF implementation to consider duplicate Link State ID values.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hp 3Com
Hp H3C
Hp J4###A
Hp J484#B
Hp J8###A
Hp Jd3##A
Hp Jd9##A
Hp Je###A
Hp Jf55#A