Vulnerabilites related to checkpoint - ipso_os
cve-2013-7311
Vulnerability from cvelistv5
Published
2014-01-23 17:00
Modified
2024-09-16 23:32
Severity ?
Summary
The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:01:20.568Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/BLUU-985QRC",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk94490",
               },
               {
                  name: "VU#229804",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/229804",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-01-23T17:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.kb.cert.org/vuls/id/BLUU-985QRC",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk94490",
            },
            {
               name: "VU#229804",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/229804",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-7311",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.kb.cert.org/vuls/id/BLUU-985QRC",
                     refsource: "CONFIRM",
                     url: "http://www.kb.cert.org/vuls/id/BLUU-985QRC",
                  },
                  {
                     name: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk94490",
                     refsource: "CONFIRM",
                     url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk94490",
                  },
                  {
                     name: "VU#229804",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/229804",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-7311",
      datePublished: "2014-01-23T17:00:00Z",
      dateReserved: "2014-01-23T00:00:00Z",
      dateUpdated: "2024-09-16T23:32:05.658Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2014-01-23 17:55
Modified
2024-11-21 02:00
Severity ?
Summary
The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
Impacted products
Vendor Product Version
checkpoint gaia_os r75.0
checkpoint gaia_os r76.0
checkpoint ipso_os 6.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:checkpoint:gaia_os:r75.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "108B6F13-FD59-4790-B873-EED143387841",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:checkpoint:gaia_os:r76.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D082271-E8DE-445C-99AA-A04D8789110F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:checkpoint:ipso_os:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "89AC8A11-E5F4-4614-9C9D-65122AF92A97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.",
      },
      {
         lang: "es",
         value: "La implementación OSPF en Check Point Gaia OS R75.X y R76 e IPSO OS 6.2 R75.X y R76 no considera la posibilidad de valores Link State ID duplicados en paquetes Link State Advertisement (LSA) antes de realizar operaciones en la base de datos LSA, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción de enrutamiento) u obtener información sensible de paquetes a través de un paquete LSA manipulado, una vulnerabilidad relacionada con CVE-2013-0149.",
      },
   ],
   evaluatorComment: "Per: http://cwe.mitre.org/data/definitions/694.html\n\n\"CWE-694: Use of Multiple Resources with Duplicate Identifier\"",
   id: "CVE-2013-7311",
   lastModified: "2024-11-21T02:00:42.977",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:A/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-01-23T17:55:05.477",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/229804",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/BLUU-985QRC",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk94490",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/229804",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/BLUU-985QRC",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk94490",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}