Cisco Nexus 1000V ESXi Hypervisor Denial of Service Vulnerability

A vulnerability in the Cisco Nexus 1000V Virtual Ethernet Module (VEM) kernel driver for VMware ESXi could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash, resulting in a purple screen of death (PSOD).

The vulnerability is due to insufficient validation of STUN protocol packets, which results in a crash of the ESXi hypervisor due to an out of bound array index access. An attacker could exploit this vulnerability by sending specially crafted STUN packets to a vulnerable VEM. This vulnerability requires that STUN protocol debugging be enabled on the VEM kernel driver for VMware ESXi.

Cisco would like to thank Felix ‘FX’ Lindner, Recurity Labs GmbH, for reporting this issue to us.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, the attacker would likely need access to a trusted, internal network to send specially crafted STUN packets to a targeted device. This access restriction limits the possibility of a successful exploit.

Customers are advised to review the bug reports in the “Vendor Announcements” section for a current list of affected versions.