-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0410
      OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
                             14 February 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco IOS Software
                   Cisco NX-OS Software
                   Cisco FWSM Software
                   Cisco ASA
                   Cisco PIX
                   Cisco IOS-XE
                   Cisco ASR 5000
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service   -- Remote/Unauthenticated
                   Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-0149  

Reference:         ASB-2013.0113
                   ESB-2013.1053

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory

OSPF LSA Manipulation Vulnerability in Multiple Cisco Products

Medium
Advisory ID:
cisco-sa-20130801-lsaospf
First Published:
2013 August 1 16:00  GMT
Last Updated: 
2017 February 13 14:29  GMT
Version 1.4:
Final
Workarounds:
Yes
Cisco Bug IDs:
CSCug34469
CSCug34485
CSCug39762
More...
CSCug34469
CSCug34485
CSCug39762
CSCug39795
CSCug63304
CVE-2013-0149
CWE-20
CVSS Score:
Base 5.8, Temporal 4.8 Score AV:N/AC:M/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C
CVE-2013-0149
CWE-20
Download CVRF
Download OVAL
Download PDF
Email

Summary

Multiple Cisco products are affected by a vulnerability involving the Open
Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA)
database. This vulnerability could allow an unauthenticated attacker to
take full control of the OSPF Autonomous System (AS) domain routing table,
blackhole traffic, and intercept traffic.

The attacker could trigger this vulnerability by injecting crafted OSPF
packets. Successful exploitation could cause flushing of the routing table
on a targeted router, as well as propagation of the crafted OSPF LSA type 1
update throughout the OSPF AS domain.

To exploit this vulnerability, an attacker must accurately determine
certain parameters within the LSA database on the target router. This
vulnerability can only be triggered by sending crafted unicast or multicast
LSA type 1 packets. No other LSA type packets can trigger this
vulnerability.

OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First
(FSPF) protocol is not affected by this vulnerability.

Workarounds that address this vulnerability are available. This advisory is
available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-20130801-lsaospf

Affected Products

   
Vulnerable Products

The following Cisco Products have an OSPF implementation that is affected
by this vulnerability. Refer to the Software Versions and Fixes section for
information on fixed software.

Cisco IOS Software

Cisco devices that are running Cisco IOS Software and configured for OSPF
are vulnerable. Devices that do not have OSPF enabled are not affected by
this vulnerability.

Note: This vulnerability can only be triggered by targeting the OSPF
multicast address or directly targeting interfaces that are OSPF enabled.

OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First
(FSPF) protocol is not affected by this vulnerability.

To determine if a Cisco IOS device is configured with OSPF on an interface,
use the show ip ospf interface command. The following is the output of the 
show ip ospf interface command on a Cisco IOS device configured with OSPF
and enabled on the GigabitEthernet0/0/1 interface:


    Router#show ip ospf interface
    GigabitEthernet0/0/1 is up, line protocol is up 
    Internet Address 192.168.2.4/24, Area 0, Attached via Network Statement 
    Process ID 1, Router ID 10.10.10.4, Network Type BROADCAST, Cost: 1 
    Topology-MTID    Cost    Disabled    Shutdown      Topology Name 
          0           1         no          no            Base
    Transmit Delay is 1 sec, State DR, Priority 1 
    <output truncated>



This vulnerability only affects Router LSAs (LSA type 1). As the result of
exploitation of this vulnerability, the targeted router will have
inconsistent information in its Router Link States LSA database, where the
Link ID information will not match Advertising Router ID in the output of
the show ip ospf database command.
The following is the output of the show ip ospf database command in a Cisco
IOS device affected by this vulnerability:


    Router>show ip ospf database
     
                OSPF Router with ID (10.10.10.1) (Process ID 1)
     
        Router Link States (Area 0)
     
    Link ID         ADV Router      Age         Seq#       Checksum Link count
    10.10.10.4      10.10.10.4      334         0x8000000E 0x00E29A 3
    10.10.10.1      192.168.27.11   22          0x80000011 0x0062A8 3
    10.10.10.2      10.10.10.2      298         0x80000018 0x00394A 2
    10.10.10.3      10.10.10.3      305         0x80000020 0x00E715 3 
    <output truncated>


Note: An affected targeted router will propagate the crafted LSA throughout
the OSPF area. If the vulnerability is successfully exploited, all the
routers in the same OSPF area will have a copy of the crafted LSA Type
1 entry in the OSPF LSA database.

To determine the Cisco IOS Software release that is running on a Cisco
product, administrators can log into the device and issue the show version
command to display the system banner. The system banner confirms that the
device is running Cisco IOS Software by displaying text similar to "Cisco
Internetwork Operating System Software" or "Cisco IOS Software." The image
name displays in parentheses, followed by "Version" and the Cisco IOS
Software release name. Other Cisco devices do not have the show version
command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS
Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:


    Router>show version 
    Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) 
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by cisco Systems, Inc. 
    Compiled Wed 02-Dec-09 17:17 by prod_rel_team 
    <output truncated>


Additional information about Cisco IOS Software release naming conventions
is available in "White Paper: Cisco IOS Reference Guide" at the following
link:

http://www.cisco.com/web/about/security/intelligence/ios-ref.html


Note: Cisco IOS XR is not affected by this vulnerability.


Cisco IOS-XE Software

Cisco devices that are running Cisco IOS XE Software and configured for
OSPF are vulnerable. Devices that do not have OSPF enabled are not affected
by this vulnerability.

The version of Cisco IOS-XE Software that is running on a Cisco device can
be determined using the show version command from the Command Line
Interface (CLI).


Cisco Adaptive Security Appliance (ASA), Cisco ASA Service Module (ASA-SM)
and Cisco Pix Firewall

Cisco devices that are running Cisco ASA or Cisco PIX Software and
configured for OSPF are vulnerable. Devices that do not have OSPF enabled
are not affected by this vulnerability.

The version of software that is running on a Cisco ASA, Cisco ASA-SM or
Cisco Pix security appliances can be determined using the show version
command from the CLI.


Cisco Firewall Services Module (FWSM)

Cisco devices that are running Cisco FWSM Software and configured for OSPF
are vulnerable. Devices that do not have OSPF enabled are not affected by
this vulnerability.

The version of software that is running on a Cisco FWSM can be determined
using the show version command from the CLI.


Cisco NX-OS Software

Cisco devices that are running Cisco NX-OS Software and configured for OSPF
are vulnerable. Devices that do not have OSPF enabled are not affected by
this vulnerability.

The version of Cisco NX-OS Software that is running on Cisco Nexus 3000,
5000, 6000 and 7000 series devices can be determined using the show version
command from the CLI.

Exploiting the vulnerability on a Cisco Nexus device will not affect the
local routing table of Cisco Nexus. However, the Cisco Nexus devices will
install and propagate the crafted LSA to other devices in the OSPF area.
Such crafted LSA propagated to other routers that are part of the same OSPF
AS may affect the routing tables across the OSPF AS. 

Note: Cisco Nexus 1000v Series is not affected by this vulnerability.


Cisco ASR 5000

Cisco devices that are running Cisco StarOS Software and configured for
OSPF are vulnerable. Devices that do not have OSPF enabled are not affected
by this vulnerability.

The version of software that is running on a Cisco ASR 5000 can be
determined using the show version command from the CLI.




Products Confirmed Not Vulnerable

The following Cisco products are not affected by this vulnerability:

   Cisco IOS XR Software
   Cisco Connected Grid Routers
   Cisco Nexus 1000v Series
   Cisco Nexus 9000 Series
   Cisco Next Generation Wiring Closet (NGWC)

No other Cisco products are currently known to be affected by this
vulnerability.



Details

OSPF is a routing protocol defined by RFC 2328. It is designed to manage IP
routing inside an AS. OSPF packets use IP protocol number 89.

Multiple Cisco products are affected by a vulnerability involving the Open
Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA)
database. This vulnerability could allow an unauthenticated attacker to
take full control of the OSPF Autonomous System (AS) domain routing table,
blackhole traffic, and intercept traffic.

The attacker could trigger this vulnerability by injecting crafted OSPF
packets. Successful exploitation could cause flushing of the routing table
on a targeted router, as well as propagation of the crafted OSPF LSA type 1
update throughout the OSPF AS domain.

To exploit this vulnerability, an attacker must accurately determine
certain parameters within the LSA database on the target router. This
vulnerability can only be triggered by sending crafted unicast or multicast
LSA type 1 packets. No other LSA type packets can trigger this
vulnerability.

OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First
(FSPF) protocol is not affected by this vulnerability.

Network devices running the OSPF protocol may be impacted by this
vulnerability if they receive a crafted LSA type 1 packet. This packet does
not have to be acknowledged, and it can originate from a spoofed IP
address.
In order to exploit this vulnerability, an attacker needs to determine a
number of factors, such as the network placement and IP address of the
target router, LSA DB sequence numbers, and the router ID of the OSPF
Designated Router (DR). An attacker needs to know all of the factors in
order to exploit this vulnerability.

Since OSPF processes unicast packets as well as multicast packets, this
vulnerability can be exploited remotely and can be used to target multiple
systems on the local segment simultaneously. Using OSPF authentication as
described in the Workarounds section can mitigate the effects of this
vulnerability. Using OSPF authentication is a highly recommended security
best practice, regardless of the presence of this vulnerability.

Refer to http://www.cisco.com/en/US/docs/ios/iproute_ospf/configuration/
guide/iro_cfg.html#wp1054174 for more information about Configuring OSPF.

Once processed, a crafted LSA type 1 packet may cause a directly targeted
router to flush the content of its routing table and propagate the crafted
LSA update throughout the OSPF area. OSPF member routers of the same area
would be affected by processing and installing a crafted LSA type 1 packet
propagated by the victim router. This may lead to a number of consequences,
such as the injection of false routes into the OSPF routing table, the
blackholing of traffic, or redirecting of traffic to a destination that is
controlled by an attacker.

In order to recover affected systems, administrators can delete the OSPF
configuration from the affected device and enable it again. Alternatively,
a reload is required to recover affected systems. Clearing the OSPF process
or routing table by means of commands such as clear ip ospf process or
clear ip route does not have any effect and cannot be used to recover
affected systems.

Note: All unfixed versions of Cisco IOS Software, Cisco IOS XE Software,
Cisco ASA Software, Cisco PIX Software and Cisco FWSM Software are affected
by this vulnerability. A targeted device running affected software will
flush the contents of its routing table and propagate the crafted LSA
packet throughout the OSPF area.

This vulnerability is documented in the following Cisco bug IDs:

   CSCug34485 (registered customers only) for Cisco IOS Software and Cisco
    IOS XE Software has been assigned Common Vulnerabilities and Exposures
    (CVE) ID CVE-2013-0149
   CSCug34469 (registered customers only) for Cisco ASA and Cisco Pix has
    been assigned Common Vulnerabilities and Exposures (CVE) ID 
    CVE-2013-0149
   CSCug39762 (registered customers only) for Cisco FWSM has been assigned
    Common Vulnerabilities and Exposures (CVE) ID CVE-2013-0149
   CSCug63304 (registered customers only) for Cisco NX-OS Software has
    been assigned Common Vulnerabilities and Exposures (CVE)
    ID CVE-2013-0149
   CSCug39795 (registered customers only) for Cisco StarOS Software has
    been assigned Common Vulnerabilities and Exposures (CVE)
    ID CVE-2013-0149




Workarounds

   
The use of OSPF authentication is a valid workaround. OSPF packets without
a valid key will not be processed. MD5 authentication is highly
recommended, due to inherent weaknesses in plain text authentication. With
plain text authentication, the authentication key will be sent unencrypted
over the network, which can allow an attacker on a local network segment to
capture the key by sniffing packets.

Refer to http://www.cisco.com/en/US/tech/tk365/
technologies_configuration_example09186a0080094069.shtml for more
information about OSPF authentication.


Additionally, an OSPF Time To Live (TTL) security check can be applied as a
partial workaround.
Note: This workaround is valid to protect against remotely triggered
attacks and does not protect against attackers that are layer 2-adjacent to
vulnerable devices.

For more information about general Interior Gateway Protocol (IGP)
hardening, refer to http://www.cisco.com/en/US/tech/tk365/
technologies_configuration_example09186a0080094069.shtml.

Additional mitigations that can be deployed on Cisco devices within the
network are available in the Cisco Applied Mitigation Bulletin companion
document for this advisory, which is available at the following link: http:
//tools.cisco.com/security/center/viewAMBAlert.x?alertId=29974

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s)
at the top of this advisory. When considering software upgrades, customers
are advised to regularly consult the advisories for Cisco products, which
are available from the Cisco Security Advisories and Alerts page, to
determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.

Cisco IOS Software

Each row of the following Cisco IOS Software table corresponds to a Cisco
IOS Software train. If a particular train is vulnerable, the earliest
releases that contain the fix are listed in the First Fixed Release column.
The First Fixed Release for All Advisories in the March 2013 Bundled
Publication column lists the earliest possible releases that correct all
the published vulnerabilities in the Cisco IOS Software Security Advisory
bundled publication. Cisco recommends upgrading to the latest available
release where possible.

The Cisco IOS Software Checker allows customers to search for Cisco
Security Advisories that address specific Cisco IOS Software releases. This
tool is available on the Cisco Security (SIO) portal at http://
tools.cisco.com/security/center/selectIOSVersion.x



Major Release                Availability of Repaired Releases          

Affected                                                            
12.0-Based                     First Fixed Release                   
Releases                                                            

12.0S         Releases up to and including 12.0(1)S are not            
              vulnerable.                                              

              Vulnerable; contact your support organization per the    
12.0SY        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.0SZ        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

Affected                                                            

12.2-Based                     First Fixed Release                   

Releases                                                            

12.2BX        Vulnerable; First fixed in Release 12.2SB                

12.2DA        Vulnerable; First fixed in Release 15.1M                 

12.2EWA       Vulnerable; First fixed in Release 12.2SG                

12.2EX        Vulnerable; First fixed in Release 15.0SE                

              Vulnerable; contact your support organization per the    
12.2EY        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.2EZ        12.2(60)EZ                                               

12.2IRA       Vulnerable; First fixed in Release 12.2SRE               

12.2IRB       Vulnerable; First fixed in Release 12.2SRE               

12.2IRC       Vulnerable; First fixed in Release 12.2SRE               

12.2IRD       Vulnerable; First fixed in Release 12.2SRE               

12.2IRE       Vulnerable; First fixed in Release 12.2SRE               

12.2IRF       Vulnerable; First fixed in Release 12.2SRE               

              Vulnerable; contact your support organization per the    
12.2IRG       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.2IRH       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.2IRI       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.2IXF       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.2IXG       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.2IXH       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.2MC        Vulnerable; First fixed in Release 15.1M                 

12.2MRA       Vulnerable; First fixed in Release 12.2SRE               

              Vulnerable; contact your support organization per the    
12.2MRB       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.2S         Vulnerable; First fixed in Release 12.2SB                

12.2SB        12.2(33)SB15                                             

12.2SCA       Vulnerable; First fixed in Release 12.2SCG               

12.2SCB       Vulnerable; First fixed in Release 12.2SCG               

12.2SCC       Vulnerable; First fixed in Release 12.2SCG               

12.2SCD       Vulnerable; First fixed in Release 12.2SCG               

12.2SCE       Vulnerable; First fixed in Release 12.2SCG               

12.2SCF       Vulnerable; First fixed in Release 12.2SCG               

12.2SCG       12.2(33)SCG5                                             

12.2SCH       Not vulnerable                                           

12.2SE        12.2(55)SE8                                              

              Releases prior to 12.2(25)SEG4 are vulnerable; Releases  
12.2SEG       12.2(25)SEG4 and later are not vulnerable. First fixed   
              in Release 15.0SE                                        

12.2SG        12.2(53)SG10                                             

12.2SGA       Vulnerable; First fixed in Release 12.2SG                

              Vulnerable; contact your support organization per the    
12.2SM        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.2SQ        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.2SRA       Vulnerable; First fixed in Release 12.2SRE               

12.2SRB       Vulnerable; First fixed in Release 12.2SRE               

12.2SRC       Vulnerable; First fixed in Release 12.2SRE               

12.2SRD       Vulnerable; First fixed in Release 12.2SRE               

12.2SRE       12.2(33)SRE9                                             

12.2STE       Not vulnerable                                           

              Vulnerable; contact your support organization per the    
12.2SV        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.2SVD       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.2SVE       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.2SW        Vulnerable; First fixed in Release 15.1M                 

              Vulnerable; contact your support organization per the    
12.2SXF       instructions in Obtaining Fixed Software section of this 
              advisory.                                                
              Please see IOS Software Modularity Patch                 

              Vulnerable; contact your support organization per the    
12.2SXH       instructions in Obtaining Fixed Software section of this 
              advisory.                                                
              Please see IOS Software Modularity Patch                 

12.2SXI       12.2(33)SXI12                                            

12.2SXJ       12.2(33)SXJ6                                             

12.2SY        Vulnerable; First fixed in Release 15.0SY                

12.2WO        Vulnerable; First fixed in Release 15.0SG                

12.2XNA       Please see Cisco IOS-XE Software Availability            

12.2XNB       Please see Cisco IOS-XE Software Availability            

12.2XNC       Please see Cisco IOS-XE Software Availability            

12.2XND       Please see Cisco IOS-XE Software Availability            

12.2XNE       Please see Cisco IOS-XE Software Availability            

12.2XNF       Please see Cisco IOS-XE Software Availability            

12.2XO        Vulnerable; First fixed in Release 12.2SG                

              Vulnerable; contact your support organization per the    
12.2YT        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.2ZYA       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

Affected                                                            

12.3-Based                     First Fixed Release                   

Releases                                                            

12.3B         Vulnerable; First fixed in Release 15.1M                 

12.3BC        Vulnerable; First fixed in Release 12.2SCG               

12.3BW        Vulnerable; First fixed in Release 15.1M                 

              Releases prior to 12.3(4)JA2 are vulnerable; Releases    
12.3JA        12.3(4)JA2 and later are not vulnerable. Migrate to any  
              release in 12.4JA                                        

12.3JEA       Not vulnerable                                           

12.3JEB       Not vulnerable                                           

12.3JEC       Not vulnerable                                           

12.3JED       Not vulnerable                                           

12.3JEE       Not vulnerable                                           

              Releases up to and including 12.3(2)JK3 are not          
12.3JK        vulnerable.                                              
              Releases 12.3(8)JK1 and later are not vulnerable. First  
              fixed in Release 15.1M                                   

12.3JL        Not vulnerable                                           

12.3JX        Not vulnerable                                           

12.3T         Vulnerable; First fixed in Release 15.1M                 

12.3TPC       Releases up to and including 12.3(4)TPC11a are not       
              vulnerable.                                              

              Releases prior to 12.3(2)XA7 are vulnerable; Releases    
12.3XA        12.3(2)XA7 and later are not vulnerable. First fixed in  
              Release 15.1M                                            

              Vulnerable; contact your support organization per the    
12.3XB        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.3XC        Vulnerable; First fixed in Release 15.1M                 

12.3XD        Vulnerable; First fixed in Release 15.1M                 

12.3XE        Vulnerable; First fixed in Release 15.1M                 

              Vulnerable; contact your support organization per the    
12.3XF        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.3XG        Vulnerable; First fixed in Release 15.1M                 

12.3XI        Vulnerable; First fixed in Release 12.2SB                

12.3XJ        Vulnerable; First fixed in Release 15.1M                 

12.3XK        Vulnerable; First fixed in Release 15.1M                 

12.3XL        Vulnerable; First fixed in Release 15.1M                 

12.3XQ        Vulnerable; First fixed in Release 15.1M                 

12.3XR        Vulnerable; First fixed in Release 15.1M                 

12.3XU        Vulnerable; First fixed in Release 15.1M                 

12.3XW        Vulnerable; First fixed in Release 15.1M                 

12.3XX        Vulnerable; First fixed in Release 15.1M                 

12.3XY        Not vulnerable                                           

12.3XZ        Vulnerable; First fixed in Release 15.1M                 

12.3YD        Vulnerable; First fixed in Release 15.1M                 

12.3YF        Vulnerable; First fixed in Release 15.1M                 

12.3YG        Vulnerable; First fixed in Release 15.1M                 

12.3YI        Vulnerable; First fixed in Release 15.1M                 

12.3YJ        Vulnerable; First fixed in Release 15.1M                 

12.3YK        Vulnerable; First fixed in Release 15.1M                 

12.3YM        Vulnerable; First fixed in Release 15.1M                 

12.3YQ        Vulnerable; First fixed in Release 15.1M                 

12.3YS        Vulnerable; First fixed in Release 15.1M                 

12.3YT        Vulnerable; First fixed in Release 15.1M                 

12.3YU        Vulnerable; First fixed in Release 15.1M                 

12.3YX        Vulnerable; First fixed in Release 15.1M                 

              Vulnerable; contact your support organization per the    
12.3YZ        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.3ZA        Vulnerable; First fixed in Release 15.1M                 

Affected                                                            

12.4-Based                     First Fixed Release                   

Releases                                                            

12.4          Vulnerable; First fixed in Release 15.1M                 

              Vulnerable; contact your support organization per the    
12.4GC        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.4JA        Not vulnerable                                           

12.4JAL       Not vulnerable                                           

12.4JAM       Not vulnerable                                           

12.4JAN       Not vulnerable                                           

12.4JAX       Not vulnerable                                           

12.4JAZ       Not vulnerable                                           

12.4JDA       Not vulnerable                                           

12.4JDC       Not vulnerable                                           

12.4JDD       Not vulnerable                                           

12.4JDE       Not vulnerable                                           

12.4JHA       Not vulnerable                                           

12.4JHB       Not vulnerable                                           

12.4JHC       Not vulnerable                                           

12.4JK        Not vulnerable                                           

12.4JL        Not vulnerable                                           

12.4JX        Not vulnerable                                           

12.4JY        Not vulnerable                                           

12.4JZ        Not vulnerable                                           

              Vulnerable; First fixed in Release 12.4MDA               
12.4MD        Releases up to and including 12.4(24)MD are not          
              vulnerable.                                              

12.4MDA       12.4(24)MDA13                                            

12.4MDB       Vulnerable; First fixed in Release 12.4MDA               

              Vulnerable; contact your support organization per the    
12.4MR        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.4MRA       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.4MRB       Vulnerable; First fixed in Release 15.1M                 

12.4SW        Vulnerable; First fixed in Release 15.1M                 

12.4T         Vulnerable; First fixed in Release 15.1M                 

12.4XA        Vulnerable; First fixed in Release 15.1M                 

12.4XB        Vulnerable; First fixed in Release 15.1M                 

12.4XC        Vulnerable; First fixed in Release 15.1M                 

12.4XD        Vulnerable; First fixed in Release 15.1M                 

12.4XE        Vulnerable; First fixed in Release 15.1M                 

12.4XF        Vulnerable; First fixed in Release 15.1M                 

12.4XG        Vulnerable; First fixed in Release 15.1M                 

12.4XJ        Vulnerable; First fixed in Release 15.1M                 

12.4XK        Vulnerable; First fixed in Release 15.1M                 

              Vulnerable; contact your support organization per the    
12.4XL        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.4XM        Vulnerable; First fixed in Release 15.1M                 

              Vulnerable; contact your support organization per the    
12.4XN        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.4XP        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.4XQ        Vulnerable; First fixed in Release 15.1M                 

12.4XR        Vulnerable; First fixed in Release 15.1M                 

12.4XT        Vulnerable; First fixed in Release 15.1M                 

              Vulnerable; contact your support organization per the    
12.4XV        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.4XW        Vulnerable; First fixed in Release 15.1M                 

12.4XY        Vulnerable; First fixed in Release 15.1M                 

12.4XZ        Vulnerable; First fixed in Release 15.1M                 

12.4YA        Vulnerable; First fixed in Release 15.1M                 

              Vulnerable; contact your support organization per the    
12.4YB        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
12.4YD        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

12.4YE        Vulnerable; First fixed in Release 15.1M                 

              Vulnerable; contact your support organization per the    
12.4YG        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

Affected                                                            

15.0-Based                     First Fixed Release                   

Releases                                                            

15.0EA        Not vulnerable                                           

15.0EB        Not vulnerable                                           

15.0EC        Not vulnerable                                           

15.0ED        Vulnerable; migrate to any release in 15.2E              

              Vulnerable; contact your support organization per the    
15.0EF        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

15.0EH        Not vulnerable                                           

15.0EJ        Not vulnerable                                           

15.0EX        15.0(1)EX2                                               

15.0EY        15.0(2)EY2                                               

15.0EZ        15.0(1)EZ                                                

15.0M         Vulnerable; First fixed in Release 15.1M                 

              Vulnerable; contact your support organization per the    
15.0MR        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
15.0S         instructions in Obtaining Fixed Software section of this 
              advisory.                                                

15.0SE        15.0(2)SE3                                               

15.0SG        15.0(2)SG7                                               

              Vulnerable; contact your support organization per the    
15.0SQA       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

15.0SQB       Not vulnerable                                           

15.0SY        15.0(1)SY5                                               

15.0XA        Vulnerable; First fixed in Release 15.1M                 

15.0XO        Vulnerable; First fixed in Release 15.0SG                

Affected                                                            

15.1-Based                     First Fixed Release                   

Releases                                                            

              Vulnerable; contact your support organization per the    
15.1EY        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

15.1GC        Vulnerable; First fixed in Release 15.1M                 

15.1M         15.1(4)M7                                                

              Vulnerable; contact your support organization per the    
15.1MR        instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
15.1MRA       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
15.1S         instructions in Obtaining Fixed Software section of this 
              advisory.                                                

15.1SG        15.1(2)SG1                                               

              Vulnerable; contact your support organization per the    
15.1SNG       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
15.1SNH       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
15.1SNI       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

15.1SVD       Not vulnerable                                           

15.1SY        15.1(1)SY1                                               
              15.1(2)SY                                                

15.1T         Vulnerable; First fixed in Release 15.1M                 

15.1XB        Vulnerable; First fixed in Release 15.1M                 

15.1XO        Not vulnerable                                           

Affected                                                            

15.2-Based                     First Fixed Release                   

Releases                                                            

15.2E         Not vulnerable                                           

15.2EY        Not vulnerable                                           

15.2GC        Vulnerable; migrate to any release in 15.4T              

15.2JA        Not vulnerable                                           

15.2JAX       Not vulnerable                                           

15.2JB        Releases prior to 15.2(2)JB2 are vulnerable; Releases    
              15.2(2)JB2 and later are not vulnerable.                 

15.2JN        Not vulnerable                                           

15.2M         15.2(4)M4                                                

              Vulnerable; contact your support organization per the    
15.2S         instructions in Obtaining Fixed Software section of this 
              advisory.                                                

15.2SA        15.2(2)SA                                                

              Vulnerable; contact your support organization per the    
15.2SNG       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

              Vulnerable; contact your support organization per the    
15.2SNH       instructions in Obtaining Fixed Software section of this 
              advisory.                                                

15.2SNI       Vulnerable; First fixed in Release 15.3S                 

15.2T         15.2(2)T4                                                
              15.2(3)T4                                                

Affected                                                            

15.3-Based                     First Fixed Release                   
  
Releases                                                            

15.3S         15.3(1)S2                                                
              15.3(2)S1                                                

              15.3(1)T2                                                
15.3T         15.3(2)T1                                                
              15.3(2)T2; Available on 13-DEC-13                        


Cisco IOS-XE Software
   
Affected   First Fixed Release
Releases
2.x        Vulnerable; migrate to 3.8.2S or later
3.1.xSG    Vulnerable; migrate to 3.2.7SG or later
3.2.xSG    3.2.7SG
3.2.xSE    3.2.2SE
3.2.xSQ    Vulnerable; migrate to 3.3.0SQ or later
3.2.xXO    Vulnerable
3.3.xSG    Vulnerable; migrate to 3.4.1SG
3.3.xSQ    Not vulnerable
3.4.xSG    3.4.1SG
3.1.xS     Vulnerable; migrate to 3.8.2S or later
3.2.xS     Vulnerable; migrate to 3.8.2S or later
3.3.xS     Vulnerable; migrate to 3.8.2S or later
           Vulnerable; contact your support organization per the
3.4.xS     instructions in Obtaining Fixed Software section of this
           advisory.
3.5.xS     Vulnerable; migrate to 3.8.2S or later
3.6.xS     Vulnerable; migrate to 3.8.2S or later
           Vulnerable; contact your support organization per the
3.7.xS     instructions in Obtaining Fixed Software section of this
           advisory.
3.8.xS     3.8.2S
3.9.xS     3.9.1S
3.10.xS    Not vulnerable

Cisco ASA and Cisco PIX Software

Affected   First Fixed Release
Releases 
7.x        Vulnerable; migrate to 8.4.6.5 or later
8.0        Vulnerable; migrate to 8.4.6.5 or later
8.1        Vulnerable; migrate to 8.4.6.5 or later
8.2        Vulnerable; migrate to 8.4.6.5 or later
8.3        Vulnerable; migrate to 8.4.6.5 or later
8.4        8.4.6.5
8.5        Vulnerable; migrate to 9.0.3 or later
8.6        Vulnerable; migrate to 9.0.3 or later
8.7        Not vulnerable
9.0        9.0.3
9.1        9.1.2.5; contact your support organization per the instructions
           in Obtaining Fixed Software section of this advisory.


Cisco FWSM Software

All versions of Cisco FWSM Software are affected by the vulnerability that
is disclosed in this document. There are currently no official fixed
releases available on Cisco.com, but interim releases may be available
through Cisco Technical Assistance Center (TAC).

Customers with service contracts should contact Cisco support
organization per the instructions in the Obtaining Fixed Software section
of this advisory.

Cisco NX-OS Software

Cisco Nexus 7000:

Affected Releases  First Fixed Release
4.x                Vulnerable
5.x                Vulnerable
6.0                Vulnerable
6.1                6.1(4)a
6.2                6.2.6
7.x                Not vulnerable



Cisco Nexus 5000:


Affected Releases  First Fixed Release
4.x                Vulnerable
5.x                Vulnerable
6.x                Vulnerable
7.x                7.0.0.N1(1)



All versions of Cisco NX-OS Software for Cisco Nexus 3000, Cisco Nexus
4000, and Cisco Nexus 6000 are affected by the vulnerability that is
disclosed in this document. There are currently no official fixed releases
available on Cisco.com, but interim releases may be available through Cisco
Technical Assistance Center (TAC). Customers with service contracts should
contact Cisco support organization per the instructions in the Obtaining
Fixed Software section of this advisory.


Cisco StarOS Software

This vulnerability has been fixed in Cisco StarOS Software version
14.0.50488.

Customers with service contracts should contact Cisco support
organization per the instructions in the Obtaining Fixed Software section
of this advisory.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

This vulnerability was found and reported to Cisco by Dr. Gabi Nakibly from
Rafael Advanced Defense Systems as joint work he conducted with Eitan
Menahem, Yuval Elovici and Ariel Waizel of Telekom Innovation Laboratories
at Ben Gurion University.



Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Subscribe

Action Links for This Advisory

Identifying and Mitigating Exploitation of the OSPF LSA Manipulation
Vulnerability in Multiple Cisco Products
Cisco OSPF Blind LSA Injection Vulnerability

URL

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-20130801-lsaospf

Revision History

   

 Version      Description          Section      Status        Date       

          Added Cisco Nexus     Affected                                 
          9000 to the list of   Products -                               
 1.4      products not          Products        Final   2017-February-13 
          affected by the       Confirmed Not                            
          vulnerability.        Vulnerable                               

 1.3      Included NX-OS                                2014-July-31     
          Software tables                                                

 1.2      Included OVAL                                 2013-August-17   
          definitions                                                    

 1.1      Fixed broken links                            2013-August-05   

 1.0      Initial public                                2013-August-01   
          release                                                        

Show Less



Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT
OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES
THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information
or contain factual errors. The information in this document is intended for
end users of Cisco products.

Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Subscribe

Action Links for This Advisory

Identifying and Mitigating Exploitation of the OSPF LSA Manipulation
Vulnerability in Multiple Cisco Products
Cisco OSPF Blind LSA Injection Vulnerability

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWKKC54x+lLeg9Ub1AQgHDRAAhbXjt1K02yjF/kx7YtFHvIunoXlxgE04
VItf28TmsDtZ+tOPFEbqf/4k8id/ix/pu6bDTh88/KF0kAyo4DHFa7r0jUEmkbZE
1Im4a1qLZmG5KmWLijPAxQaLH64B7YVZI1vm+xF31FePSVP/7xzOfnGOhLlUwpNY
fmWY84cEEr7RFH4xWIWQz5n/f8zBBrxdz/G4eK91BM3GTTHvtJVK959fGjHBNZ4a
kapLviPMDIf4LUCwd6dJdDxBQEvX3pqwlDcZi2HTqOQgiPu9j6ZhDyF29fgacO7L
v7ksyZJantfM+fHobHVA159rISFmtfz8oWts9LObDn9V9ObaanneGaobCG/y/Cka
ojXldrT7m24YpXRfUXA9aYOZpcgTxReXakPVnNeLQRbcBOtBFQ7tugPW3NGK6V/R
yWTyqs4nMA9Qrnq4U4dG0SrZy4Ots73W9+m5sKmxTvA585obp9F66ud5hBRqNL5m
Dh8wyVy4HjfmWSTBh8fFCEtkahTLni7YO8Ubsj0+IHkVPnJUIHvg14ogpCV7Cukb
77FcUAVu6UUilyohC65kSVIHwFS5Yn5v7uuhrbjdUxLurqv6rw43erh0FYHq7ocz
6ev/RWcF2APYkXzYxq6fmjSfuo8sWGSdcsdVCCcZJQEC5++gje9whYiJtQJGz81b
vgL8Vh1EqXo=
=V1ZG
-----END PGP SIGNATURE-----