Vulnerability CVE-2011-0355


Published: 2011-02-17   Modified: 2011-09-21

Description:
Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.

See advisories in our WLB2 database:
Topic: [High] Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi
Author: VMware Security ...
Date: 21.02.2011

Type: CWE-399 (Resource Management Errors)

Vendor: VMware
Product: ESX
Version: 4.1; 4.0
Product: ESXi
Version: 4.1; 4.0
Vendor: Cisco
Product: 1000v virtual ethernet module (vem)
Version: 4.0(4)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

References:
http://xforce.iss.net/xforce/xfdb/65217
http://www.vupen.com/english/advisories/2011/0315
http://www.vupen.com/english/advisories/2011/0314
http://www.vmware.com/security/advisories/VMSA-2011-0002.html
http://www.securityfocus.com/bid/46247
http://www.securityfocus.com/archive/1/archive/1/516259/100/0/threaded
http://www.osvdb.org/70837
http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html
http://securitytracker.com/id?1025030
http://securityreason.com/securityalert/8090
http://secunia.com/advisories/43084
http://lists.vmware.com/pipermail/security-announce/2011/000118.html

Related CVE
CVE-2017-12372
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing ...
CVE-2017-12371
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing ...
CVE-2017-12370
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing ...
CVE-2017-12369
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user w...
CVE-2017-12368
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing ...
CVE-2017-12367
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a us...
CVE-2017-12366
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some param...
CVE-2017-12365
A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to vie...

Copyright 2017, cxsecurity.com
