Executive Summary
Summary | |
---|---|
Title | Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi |
Informations | |||
---|---|---|---|
Name | VMSA-2011-0002 | First vendor Publication | 2011-02-07 |
Vendor | VMware | Last vendor Modification | 2011-02-07 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
a. Cisco Nexus 1000V Virtual Ethernet Module denial of service The Cisco Nexus 1000V Virtual Ethernet Module (VEM) is a virtual switch for ESX and ESXi. This switch can be added to ESX and ESXi where it replaces the VMware virtual switch and runs as part of the ESX and ESXi kernel. A flaw in the handling of dropped packets by Cisco Nexus 1000V VEM can cause ESX and ESXi to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-0355 to the issue. The issue is addressed by Cisco in the following releases: - Cisco Nexus 1000V Virtual Ethernet Module Release 4.2(4) SV1(4) - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3c) For details refer to the release notes of these releases (see section 4 for links). VMware customers are only affected by this vulnerability if they have chosen to deploy the Cisco Nexus 1000V virtual switch as a replacement for the VMware vNetwork Standard Switch or the VMware vNetwork Distributed Switch. VMware has confirmed that the VMware vNetwork Standard Switch and the VMware vNetwork Distributed Switch are not affected by the vulnerability. The issue is documented by Cisco in Cisco bug ID CSCtj17451 (see section 5 for a link). |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2011-0002.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70837 | Cisco Nexus 1000V Virtual Switch 802.1Q Tagged Packet Remote DoS Cisco Nexus 1000V contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs when processing 802.1Q tagged packets, which may be exploited by a remote attacker by having a virtual machine send a packet on an vEthernet port to cause a denial of service. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-03-10 | IAVM : 2011-B-0031 - Cisco Nexus 1000V Virtual Ethernet Module (VEM) Denial of Service Vulnerability Severity : Category I - VMSKEY : V0026089 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-08-13 | Name : The remote device is missing a vendor-supplied security update. File : cisco-CSCtj17451-nxos.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-11-11 12:41:39 |
|