OSPF Implementation Flaw in HP Switches and Routers
CVE-2013-4806

Currently unrated

Key Information:

Vendor: HP
Status: 3com Router; 5500g-24 Ei 10\/100\/1000 No Power Supply Unit Switch; 5500-48g Si Switch; 5500-48g Ei Switch
Vendor: CVE Published:; 12 August 2013

What is CVE-2013-4806?

The OSPF implementation on various HP routers and switches is susceptible to a flaw where it fails to properly manage duplicate Link State ID values in Link State Advertisement packets. This oversight allows remote authenticated users to potentially induce a denial of service due to routing interruptions or inadvertently disclose sensitive packet information by sending specially crafted LSA packets. This issue raises concerns about network reliability and data security, warranting the need for immediate attention from affected users.

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

http://www.kb.cert.org/vuls/id/229804

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2013
Vulnerability Reserved
Jul 12, 2013