CERT VU:793496

Jul 27, 2017

Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency

www.kb.cert.org

CVSS3: 8.2 High

* Attack Vector: ADJACENT_NETWORK
* Attack Complexity: HIGH
* Privileges Required: NONE
* User Interaction: NONE
* Scope: CHANGED
* Confidentiality Impact: LOW
* Integrity Impact: HIGH
* Availability Impact: HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

CVSS2: 4.3 Medium

* Access Vector: ADJACENT_NETWORK
* Access Complexity: MEDIUM
* Authentication: NONE
* Confidentiality Impact: NONE
* Integrity Impact: PARTIAL
* Availability Impact: PARTIAL

AV:A/AC:M/Au:N/C:N/I:P/A:P

EPSS: 0.004 Low (Percentile: 71.5%)

Overview

Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. Attackers with the ability to transmit messages from a routing domain router may send specially crafted OSPF messages to poison routing tables within the domain.

Description

CWE-354: Improper Validation of Integrity Check Value

Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. When the sequence numbers are the same, the LSA with the larger checksum is considered more recent and will not be flushed from the Link State Database (LSDB). Because the RFC does not explicitly state that the values of links carried by an LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, an attacker can, in vulnerable OSPF implementations, craft an LSA with MaxSequenceNumber and invalid links that results in a larger checksum and thus a ‘newer’ LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network.
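
The section 13.1 comparison described above, written out as an added example (not code from CERT, the RFC text, or any vendor implementation). `lsa_recency` follows the RFC's order of checks; `flush_is_overridden` is a hypothetical monitoring check, and the struct, function names and sample header values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural constants from RFC 2328. */
#define MAX_AGE             3600        /* seconds */
#define MAX_AGE_DIFF        900         /* seconds */
#define MAX_SEQUENCE_NUMBER 0x7fffffff  /* largest signed 32-bit value */

/* Header fields used by the recency decision. The caller is assumed to have
 * already matched LS type, Link State ID and Advertising Router, so both
 * structs describe instances of the same LSA. */
struct lsa_hdr {
    int32_t  seq;       /* LS sequence number (signed) */
    uint16_t checksum;  /* LS checksum */
    uint16_t age;       /* LS age in seconds */
};

/* RFC 2328 section 13.1: 1 if a is more recent, -1 if b is, 0 if equal. */
int lsa_recency(const struct lsa_hdr *a, const struct lsa_hdr *b)
{
    int diff;

    if (a->seq != b->seq)                            /* 1. sequence number */
        return a->seq > b->seq ? 1 : -1;
    if (a->checksum != b->checksum)                  /* 2. larger checksum */
        return a->checksum > b->checksum ? 1 : -1;
    if ((a->age == MAX_AGE) != (b->age == MAX_AGE))  /* 3. MaxAge instance */
        return a->age == MAX_AGE ? 1 : -1;
    diff = (int)a->age - (int)b->age;                /* 4. much smaller age */
    if (diff > MAX_AGE_DIFF)
        return -1;
    if (diff < -MAX_AGE_DIFF)
        return 1;
    return 0;
}

/* Hypothetical monitoring check (an assumption of this example, not a vendor
 * fix): the router's premature-aging instance (MaxSequenceNumber, MaxAge)
 * loses to a received instance that has the same sequence number and is not
 * at MaxAge. Because step 2 runs before step 3, this happens only when the
 * received checksum is larger, i.e. the body differs from the flushed one. */
int flush_is_overridden(const struct lsa_hdr *flush, const struct lsa_hdr *rx)
{
    return flush->seq == MAX_SEQUENCE_NUMBER && flush->age == MAX_AGE
        && rx->seq == MAX_SEQUENCE_NUMBER && rx->age != MAX_AGE
        && lsa_recency(rx, flush) > 0;
}

/* Constructed sample headers (not captured traffic). */
static const struct lsa_hdr sample_flush     = { MAX_SEQUENCE_NUMBER, 0x3a1c, MAX_AGE };
static const struct lsa_hdr sample_same_body = { MAX_SEQUENCE_NUMBER, 0x3a1c, 12 };
static const struct lsa_hdr sample_altered   = { MAX_SEQUENCE_NUMBER, 0xe2f4, 12 };

int main(void)
{
    /* Same body, same checksum: the MaxAge instance wins and the flush works. */
    printf("flush vs same body:    %d\n",
           lsa_recency(&sample_flush, &sample_same_body));
    /* Different body with a larger checksum: the flush instance loses. */
    printf("flush vs altered body: %d\n",
           lsa_recency(&sample_flush, &sample_altered));
    printf("override flagged:      %d\n",
           flush_is_overridden(&sample_flush, &sample_altered));
    return 0;
}
```
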


Impact

Attackers with the ability to transmit messages from a routing domain router may send specially crafted OSPF messages to erase or alter the routing tables of routers within the domain, resulting in denial of service or the re-routing of traffic on the network.


Solution

Install Updates

The OSPF protocol is a popular interior routing protocol that is used by many devices and manufacturers. This vulnerability is implementation-specific, so some vendors may not be affected. The Vendor Information section below contains known affected or non-affected vendors. Please consult your network equipment vendor to confirm how they are affected by this vulnerability.


Vendor Information

Because this is an implementation vulnerability, CVE IDs are assigned for each known affected codebase:

* CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages).
* CVE-2017-3752 describes this vulnerability in affected Lenovo products.
* CVE-2017-6770 describes this vulnerability in affected Cisco products.  


Cisco Affected

Notified: May 12, 2017 Updated: August 08, 2017

Statement Date: July 26, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

CVE-2017-6770 describes this vulnerability in affected Cisco products.

Vendor References

Lenovo Affected

Notified: May 12, 2017 Updated: July 17, 2017

Statement Date: July 17, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

CVE-2017-3752 describes this vulnerability in affected Lenovo products.

Vendor References

Quagga Affected

Notified: July 17, 2017 Updated: July 26, 2017

Statement Date: July 25, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

CVE-2017-3224 has been assigned for Quagga’s affected ospfd implementation.

Red Hat, Inc. Affected

Notified: May 12, 2017 Updated: July 25, 2017

Statement Date: May 15, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

CVE-2017-3224, reserved for Quagga, also applies to derivative affected Red Hat packages.

SUSE Linux Affected

Notified: May 12, 2017 Updated: July 25, 2017

Statement Date: May 16, 2017

Status

Affected

Vendor Statement

SUSE and openSUSE package quagga and are affected by the issue

Vendor Information

CVE-2017-3224, reserved for Quagga, also applies to the affected SUSE and openSUSE packages.

openSUSE project Affected

Notified: May 12, 2017 Updated: July 25, 2017

Statement Date: May 16, 2017

Status

Affected

Vendor Statement

SUSE and openSUSE package quagga and are affected by the issue

Vendor Information

CVE-2017-3224, reserved for Quagga, also applies to the affected SUSE and openSUSE packages.

Apple Not Affected

Notified: May 12, 2017 Updated: June 05, 2017

Statement Date: June 02, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arista Networks, Inc. Not Affected

Notified: May 12, 2017 Updated: July 17, 2017

Statement Date: July 17, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CoreOS Not Affected

Notified: May 12, 2017 Updated: May 12, 2017

Statement Date: May 12, 2017

Status

Not Affected

Vendor Statement

CoreOS’s products are not vulnerable to this exploit.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc. Not Affected

Notified: May 12, 2017 Updated: August 17, 2017

Statement Date: August 16, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project Not Affected

Notified: May 12, 2017 Updated: July 18, 2017

Statement Date: May 13, 2017

Status

Not Affected

Vendor Statement

The FreeBSD base system does not ship with an OSPF, therefore we consider our product as “Not affected”.

We do ship several third party OSPF routing implementations as add-on software (packages) and will keep an eye on these.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HTC Not Affected

Notified: May 12, 2017 Updated: May 23, 2017

Statement Date: May 18, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Huawei Technologies Not Affected

Notified: May 12, 2017 Updated: July 26, 2017

Statement Date: July 26, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Corporation Not Affected

Notified: May 12, 2017 Updated: July 17, 2017

Statement Date: July 17, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks Not Affected

Notified: May 12, 2017 Updated: July 17, 2017

Statement Date: July 17, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MikroTik Not Affected

Updated: September 27, 2017

Statement Date: September 27, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secure64 Software Corporation Not Affected

Notified: May 12, 2017 Updated: July 19, 2017

Statement Date: July 18, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Technicolor Not Affected

Updated: October 18, 2017

Statement Date: October 18, 2017

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

AT&T Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Alcatel-Lucent Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Alpine Linux Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Amazon Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Android Open Source Project Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Arch Linux Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Aruba Networks Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

AsusTek Computer Inc. Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Avaya, Inc. Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Barnes and Noble Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Barracuda Networks Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Belkin, Inc. Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Blue Coat Systems Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Brocade Communication Systems Unknown

Notified: July 17, 2017 Updated: July 17, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

CA Technologies Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

CMX Systems Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

CentOS Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Check Point Software Technologies Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Contiki OS Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Debian GNU/Linux Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Dell Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

DesktopBSD Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

DragonFly BSD Project Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

EMC Corporation Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

ENEA Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

EfficientIP SAS Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Ericsson Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

European Registry for Internet Domains Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Extreme Networks Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

F5 Networks, Inc. Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Fedora Project Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Force10 Networks Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Fortinet, Inc. Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Foundry Brocade Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

GNU adns Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

GNU glibc Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Gentoo Linux Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Google Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

HardenedBSD Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Hewlett Packard Enterprise Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Hitachi Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

IBM Corporation Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Infoblox Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Internet Systems Consortium Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Internet Systems Consortium - DHCP Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

JH Software Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Joyent Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Kyocera Communications Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

LG Electronics Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Lynx Software Technologies Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

McAfee Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Microchip Technology Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Microsoft Corporation Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Motorola, Inc. Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

NEC Corporation Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

NLnet Labs Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

NetBSD Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Netgear, Inc. Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Nexenta Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Nokia Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Nominum Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

OmniTI Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

OpenBSD Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

OpenDNS Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

OpenIndiana Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Openwall GNU/*/Linux Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Oracle Corporation Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Oryx Embedded Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Peplink Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Philips Electronics Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

PowerDNS Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

QNX Software Systems Inc. Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

QUALCOMM Incorporated Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Quadros Systems Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

ReactOS Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Rocket RTOS Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

SafeNet Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Samsung Mobile Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Slackware Linux Inc. Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

SmoothWall Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Snort Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Sony Corporation Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Sourcefire Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Symantec Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

TCPWave Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

TippingPoint Technologies Inc. Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Tizen Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

TrueOS Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Turbolinux Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Ubiquiti Networks Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Ubuntu Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Unisys Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

VMware Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Wind River Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

WizNET Technology Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Xiaomi Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Xilinx Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Zephyr Project Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

ZyXEL Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

dnsmasq Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

gdnsd Unknown

Notified: August 28, 2017 Updated: August 28, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

m0n0wall Unknown

Notified: May 12, 2017 Updated: May 12, 2017

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References


CVSS Metrics

| Group | Score | Vector |
| --- | --- | --- |
| Base | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P |
| Temporal | 4.9 | E:POC/RL:ND/RC:C |
| Environmental | 3.6 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |


Acknowledgements

Thanks to Adi Sosnovich, Orna Grumberg, and Gabi Nakibly for reporting this vulnerability.

This document was written by Joel Land.

Other Information

CVE IDs: CVE-2017-3224, CVE-2017-3752, CVE-2017-6770
Date Public: 2017-07-27 Date First Published:
