Security Vulnerabilities

OSPF LSA Manipulation Vulnerability in Multiple Cisco Products

Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database.

This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table. With that control, an attacker is able to black-hole and intercept traffic.

The vulnerability can be exploited by injecting crafted OSPF packets.

Successful exploitation could cause flushing of the routing table on a targeted router, as well as propagation of the crafted OSPF LSA type 1 update throughout the OSPF AS domain.

OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability.

Affected Platforms:

Cisco IOS Software, Cisco IOS XE Software, Cisco ASA Software, Cisco PIX Software and Cisco FWSM

Resolution:

Review the Cisco Security Advisory: cisco-sa-20130801-lsaospf and apply the necessary updates.

Consider implementing OSPF authentication.
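
To act on the authentication advice, a running-config can be audited for OSPF interfaces that are still unauthenticated, use a plain-text password, or have message-digest mode enabled without a key. The script below is an added example, not code from Cisco or from the original post; the configuration text and key in it are constructed. It assumes classic IOS syntax with consistently written area IDs, and it does not cover interfaces enabled with `ip ospf <pid> area`, key chains, or virtual links.

```python
import re
from ipaddress import IPv4Address
# Constructed sample running-config (not from the advisory); the key is a placeholder.
SAMPLE = """\
interface Gi0/0
 ip address 10.0.0.1 255.255.255.0
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
interface Gi0/1
 ip address 10.0.1.1 255.255.255.0
interface Gi0/2
 ip address 10.0.2.1 255.255.255.0
 ip ospf authentication null
router ospf 1
 network 10.0.0.0 0.0.3.255 area 0
 area 0 authentication message-digest
"""

def blocks(config):  # returns {header line: [indented child lines]}
    out, cur = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and cur is not None:
            out[cur].append(line.strip())
        elif line.strip() not in ("", "!"):
            out[(cur := line.strip())] = []
    return out

def audit_ospf_auth(config):
    """Map each interface matched by an OSPF network statement to its auth mode."""
    blk, nets, area_auth, findings = blocks(config), [], {}, {}
    for l in (l for h, b in blk.items() if h.startswith("router ospf") for l in b):
        if m := re.match(r"network (\S+) (\S+) area (\S+)", l):
            nets.append((int(IPv4Address(m[1])), int(IPv4Address(m[2])), m[3]))
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", l):
            area_auth[m[1]] = "md5" if m[2] else "plaintext"
    for head, body in blk.items():
        addr = re.search(r"^ip address (\d+\.\d+\.\d+\.\d+) ", "\n".join(body), re.M)
        if not head.startswith("interface ") or not addr:
            continue
        ip = int(IPv4Address(addr[1]))
        area = next((a for n, w, a in nets if (ip & ~w) == (n & ~w)), None)  # wildcard 1-bits are ignored
        if area is None:
            continue  # no network statement covers this interface
        mode = area_auth.get(area, "none")
        for l in body:  # an interface-level setting overrides the area setting
            if m := re.match(r"ip ospf authentication ?(message-digest|null)?$", l):
                mode = {"message-digest": "md5", "null": "none", None: "plaintext"}[m[1]]
        if mode == "md5" and not any(l.startswith("ip ospf message-digest-key ") for l in body):
            mode = "md5 without key"
        findings[head.split()[1]] = mode
    return findings
```

Any interface reported as anything other than `md5` is a candidate for remediation; for the constructed sample, `audit_ospf_auth(SAMPLE)` flags Gi0/1 and Gi0/2.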




Duncan

Duncan is a technology professional with over 20 years' experience working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
