CVE-2013-7313

4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 62.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper ScreenosJuniper Junos
Timeline
PublishedJan 23
Latest updateMay 17

Description

The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 5.5 | Impact: 6.4

Affected Packages2 packages

NVDjuniper/screenos6.3.0+4
NVDjuniper/junos61 versions+60

🔴Vulnerability Details

2
GHSA
GHSA-6p9f-747c-m7w6: The OSPF implementation in Juniper Junos through 132022-05-17
CVEList
CVE-2013-7313: The OSPF implementation in Juniper Junos through 132014-01-23

📋Vendor Advisories

1
Juniper
CVE-2013-7313: The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID2014-01-23
CVE-2013-7313 (MEDIUM CVSS 5.4) | The OSPF implementation in Juniper | cvebase.io