Vulnerability CVE-2011-0355


Published: 2011-02-17   Modified: 2012-02-13

Description:
Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.

See advisories in our WLB2 database:
Topic: Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi (High)
Author: VMware Security ...
Date: 21.02.2011

Type: CWE-399 (Resource Management Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software:
VMware -> ESX
VMware -> ESXi
Cisco -> 1000V Virtual Ethernet Module (VEM)

References:
http://lists.vmware.com/pipermail/security-announce/2011/000118.html
http://securityreason.com/securityalert/8090
http://securitytracker.com/id?1025030
http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html
http://www.securityfocus.com/archive/1/516259/100/0/threaded
http://www.securityfocus.com/bid/46247
http://www.vmware.com/security/advisories/VMSA-2011-0002.html
http://www.vupen.com/english/advisories/2011/0314
http://www.vupen.com/english/advisories/2011/0315
https://exchange.xforce.ibmcloud.com/vulnerabilities/65217

Copyright 2024, cxsecurity.com

 
