CVE-2013-0570

low-risk

Published 2018-07-13

The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166.

Do I need to act?

0.17% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

ADJACENT_NETWORK / HIGH complexity

Affected Products (1)

Network Operating System

Affected Vendors

Ibm

References (4)

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/83166

Vendor Advisory https://www-304.ibm.com/support/docview.wss?uid=isg3T1019715

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/83166

Vendor Advisory https://www-304.ibm.com/support/docview.wss?uid=isg3T1019715

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal