OSPF Protocol Vulnerability in Cisco IOS and ASA Software
CVE-2017-6770

4.2MEDIUM

Key Information:

Vendor
Cisco
Status
Multiple Cisco Products
Vendor
CVE Published:
7 August 2017

Summary

A vulnerability exists in the Open Shortest Path First (OSPF) Routing Protocol, allowing unauthenticated remote attackers to inject malicious OSPF packets. Successful exploitation enables attackers to manipulate the OSPF Autonomous System's routing table, potentially leading to traffic interception or loss. The vulnerability can only be triggered by sending specially crafted OSPF Link State Advertisement (LSA) type 1 packets, leading to the disruption of normal routing operations. OSPFv3 and Fabric Shortest Path First (FSPF) protocols are not affected by this flaw.

Affected Version(s)

Multiple Cisco Products Multiple Cisco Products

References

http://www.securitytracker.com/id/1039005
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1039006
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/100005
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.