Vulnerability Details : CVE-2011-0355
Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.
Vulnerability category: Denial of service
Products affected by CVE-2011-0355
- cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\(vem\):4.0\(4\):sv1\(3\):*:*:*:*:*:*
- cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\(vem\):4.0\(4\):sv1\(3b\):*:*:*:*:*:*
- cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\(vem\):4.0\(4\):sv1\(1\):*:*:*:*:*:*
- cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\(vem\):4.0\(4\):sv1\(2\):*:*:*:*:*:*
- cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\(vem\):4.0\(4\):sv1\(3a\):*:*:*:*:*:*
- cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0355
1.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0355
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2011-0355
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0355
-
http://www.securityfocus.com/archive/1/516259/100/0/threaded
SecurityFocus
-
http://www.vupen.com/english/advisories/2011/0315
Webmail | OVH- OVHVendor Advisory
-
http://www.securityfocus.com/bid/46247
Cisco Nexus 1000V VEM Denial of Service Vulnerability
-
http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html
Cisco Nexus 1000V Release Notes, Release 4.0(4) SV1(3c) - Cisco
-
http://lists.vmware.com/pipermail/security-announce/2011/000118.html
[Security-announce] VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65217
Cisco Nexus 1000V Virtual Ethernet Module packets denial of service CVE-2011-0355 Vulnerability Report
-
http://www.vupen.com/english/advisories/2011/0314
Webmail | OVH- OVHVendor Advisory
-
http://securitytracker.com/id?1025030
VMware ESX/Cisco Nexus 1000V Packet Processing Bug Lets Remote Users Deny Service - SecurityTracker
-
http://securityreason.com/securityalert/8090
Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi - CXSecurity.com
-
http://www.vmware.com/security/advisories/VMSA-2011-0002.html
VMSA-2011-0002Vendor Advisory
Jump to