CVE-2013-0570: Infoleak
First published: Fri Jul 13 2018(Updated: )
The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Network Operating System | ||
| IBM Flex System Fabric CN4093 10Gb Converged Scalable Switch | ||
| IBM Flex System Fabric EN4093/EN4093R 10Gb Scalable Switch | ||
| IBM Flex System Fabric Si4093 10Gb System Interconnect Module | ||
| IBM RackSwitch G8124e | ||
| IBM RackSwitch G8124 | ||
| Lenovo Rackswitch G8124e | ||
| IBM RackSwitch G8264 | ||
| IBM RackSwitch G8264T | ||
| Lenovo Rackswitch G8264cs | ||
| IBM RackSwitch G8316 | ||
| IBM Virtual Fabric 10Gb |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-0570?
CVE-2013-0570 is classified as a high severity vulnerability that can lead to a loss of confidentiality and network integrity.
How do I fix CVE-2013-0570?
To fix CVE-2013-0570, update your IBM Network Operating System to the latest version that addresses this vulnerability.
Who is affected by CVE-2013-0570?
CVE-2013-0570 affects users of IBM System Networking and Blade Network Technology switches running vulnerable versions of IBM Network Operating System.
What are the potential impacts of CVE-2013-0570?
The potential impacts of CVE-2013-0570 include network disruptions due to flooding of data frames across VLANs.
Is CVE-2013-0570 exploitable remotely?
Yes, CVE-2013-0570 is considered exploitable remotely, allowing attackers on the same network to trigger the vulnerability.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm network operating system
- canonical/ibm flex system fabric cn4093 10gb converged scalable switch
- canonical/ibm flex system fabric en4093/en4093r 10gb scalable switch
- canonical/ibm flex system fabric si4093 10gb system interconnect module
- canonical/ibm rackswitch g8124e
- canonical/ibm rackswitch g8124
- canonical/lenovo rackswitch g8124e
- canonical/ibm rackswitch g8264
- canonical/ibm rackswitch g8264t
- canonical/lenovo rackswitch g8264cs
- canonical/ibm rackswitch g8316
- canonical/ibm virtual fabric 10gb