Detections
Analytics
Cisco IOS XE Software OSPF LSA Manipulation (cisco-sa-20170727-ospf)
medium Nessus Plugin ID 131395
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. An unauthenticated, remote attacker can exploit this, by injecting crafted OSPF LSA type 1 packets, to cause the targeted router to flush its routing table and propagate the crafted OSPF LSA type 1 update through the OSPF AS domain, allowing the attacker to intercept or black-hole traffic. Successful exploitation of this vulnerability requires that an attacker first accurately determine certain parameters within the LSA database on the target router.Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to the relevant fixed version referenced in Cisco bug ID(s) CSCva74756.See Also
Plugin Details
Severity: Medium
ID: 131395
File Name: cisco-sa-20170727-ospf-iosxe.nasl
Version: 1.11
Type: combined
Family: CISCO
Published: 11/27/2019
Updated: 5/3/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.5
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2017-6770
CVSS v3
Risk Factor: Medium
Base Score: 4.2
Temporal Score: 3.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:ios_xe
Required KB Items: Host/Cisco/IOS-XE/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 7/27/2017
Vulnerability Publication Date: 8/7/2017
Reference Information
CVE: CVE-2017-6770
BID: 100005
CISCO-SA: cisco-sa-20170727-ospf
CISCO-BUG-ID: CSCva74756