CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2023/07/25 12:0 a.m.•15 views

Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass (CVE-2013-1208)

The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module VSM to Virtual Ethernet Module VEM communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID...

5.8CVSS5.5AI score0.00173EPSS

Tenable Nessus•added 2023/07/25 12:0 a.m.•16 views

Cisco Nexus 1000V VSM/VEM Heartbeat Denial of Service (CVE-2013-1213)

Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module VEM to a Virtual Supervisor Module VSM, which allows remote attackers to cause a denial of service false VEM unavailability report via a flood of UDP packets, aka Bug ID...

5CVSS5.6AI score0.00677EPSS

Tenable Nessus•added 2023/07/25 12:0 a.m.•18 views

Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass (CVE-2013-1209)

The encryption functionality in the Virtual Supervisor Module VSM to Virtual Ethernet Module VEM communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via...

5CVSS5.5AI score0.00071EPSS

Prion•added 2013/05/29 7:55 p.m.•17 views

Authentication flaw

5CVSS7.3AI score0.00353EPSS

Prion•added 2013/05/29 7:55 p.m.•16 views

Code injection

5CVSS7.1AI score0.00677EPSS

Prion•added 2013/05/29 7:55 p.m.•14 views

Code injection

Array index error in the Virtual Ethernet Module VEM kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service ESXi crash and purple screen of death by sending crafted STUN packets to a VEM, aka Bug ID...

5.4CVSS7.1AI score0.0071EPSS

Cvelist•added 2013/05/29 7:0 p.m.•16 views

CVE-2013-1211

6.8AI score0.00353EPSS

CVE•added 2013/05/29 7:0 p.m.•56 views

CVE-2013-1210

Cisco Nexus 1000V Nexus 1000V VEM kernel driver for VMware ESXi is affected by CVE-2013-1210 due to an out-of-bounds array access when STUN debugging is enabled. The issue can be exploited remotely by sending crafted STUN packets to the VEM, potentially crashing the ESXi hypervisor and causing a ...

5.4CVSS6.7AI score0.0071EPSS

Cvelist•added 2013/05/29 7:0 p.m.•18 views

CVE-2013-1210

6.5AI score0.0071EPSS

CVE•added 2013/05/29 7:0 p.m.•49 views

CVE-2013-1211

CVE-2013-1211 affects Cisco NX-OS on the Nexus 1000V, where insufficient authentication between Virtual Ethernet Module (VEM) and Virtual Supervisor Module (VSM) enables a remote attacker to obtain VEM access. The issue can be exploited via (1) spoofed STUN packets or (2) a misconfigured/rogue VM...

5CVSS7AI score0.00353EPSS

CVE•added 2013/05/29 7:0 p.m.•46 views

CVE-2013-1208

The CVE-2013-1208 issue affects Cisco Nexus 1000V NX-OS VSM/VEM communication. The vulnerability arises from how encryption between VSM and VEM is handled, potentially allowing remote attackers with Layer 2/3 access to intercept or modify traffic. Affected component is the VSM-to-VEM communicatio...

5.8CVSS6.9AI score0.00173EPSS

CVE•added 2013/05/29 7:0 p.m.•42 views

CVE-2013-1209

Cisco Nexus 1000V: VSM/VEM encryption is vulnerable in Cisco NX-OS; the VSM-to-VEM packet authentication is insufficient, allowing remote attackers to disable per-packet encryption and integrity protections via crafted packets. Root cause: weak/authentication gap in VSM/VEM packet handling (Bug C...

5CVSS6.8AI score0.00071EPSS

Cisco•added 2013/05/29 4:52 p.m.•32 views

Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass Vulnerability

Cryptographic issues in the Cisco Nexus 1000v could allow an unauthenticated, remote attacker to to inject traffic or eavesdrop on the communications between a Virtual Supervisor Module VSM and a Virtual Ethernet Module VEM. The issues are due to errors in the implementation of the cryptography...

5.8CVSS1.9AI score0.00173EPSS

Cisco•added 2013/05/29 4:9 p.m.•24 views

Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass Vulnerability

A vulnerability in the implementation of the encryption for the Virtual Supervisor Module VSM to Virtual Ethernet Module VEM communications on the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to to disable encryption and integrity protections on a per-packet basis. The...

5CVSS1.5AI score0.00071EPSS

Cisco•added 2013/05/29 3:7 p.m.•26 views

Cisco Nexus 1000V Insufficient VSM/VEM Authentication Vulnerability

A vulnerability in the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to obtain control over a Virtual Ethernet Module VEM and associated port groups. The vulnerability is due to insufficient authentication between a VEM and a Virtual Supervisor Module VSM. An attacker could...

5CVSS1.7AI score0.00353EPSS

Cisco•added 2012/11/07 4:0 p.m.•14 views

Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue

The Cisco Product Security Incident Response Team PSIRT would like to notify customers of an issue that may impact their network security posture when upgrading the Cisco Nexus 1000V Series Switches to Software Release 4.21SV15.2 with deployments that have Cisco Virtual Security Gateway VSG...

7.2AI score