CVE-2011-0355
6.7 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.011 Low
EPSS
Percentile
84.7%
Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.
References
lists.vmware.com/pipermail/security-announce/2011/000118.html
secunia.com/advisories/43084
securityreason.com/securityalert/8090
securitytracker.com/id?1025030
www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html
www.osvdb.org/70837
www.securityfocus.com/archive/1/516259/100/0/threaded
www.securityfocus.com/bid/46247
www.vmware.com/security/advisories/VMSA-2011-0002.html
www.vupen.com/english/advisories/2011/0314
www.vupen.com/english/advisories/2011/0315
exchange.xforce.ibmcloud.com/vulnerabilities/65217
Related
6.7 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.011 Low
EPSS
Percentile
84.7%