cvelistv5 - cve-2011-0355

cve-2011-0355

Vulnerability from cvelistv5

Published

2011-02-17 17:00

Modified

2024-08-06 21:51

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://lists.vmware.com/pipermail/security-announce/2011/000118.html
ykramarz@cisco.com	http://secunia.com/advisories/43084	Vendor Advisory
ykramarz@cisco.com	http://securityreason.com/securityalert/8090
ykramarz@cisco.com	http://securitytracker.com/id?1025030
ykramarz@cisco.com	http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html
ykramarz@cisco.com	http://www.osvdb.org/70837
ykramarz@cisco.com	http://www.securityfocus.com/archive/1/516259/100/0/threaded
ykramarz@cisco.com	http://www.securityfocus.com/bid/46247
ykramarz@cisco.com	http://www.vmware.com/security/advisories/VMSA-2011-0002.html	Vendor Advisory
ykramarz@cisco.com	http://www.vupen.com/english/advisories/2011/0314	Vendor Advisory
ykramarz@cisco.com	http://www.vupen.com/english/advisories/2011/0315	Vendor Advisory
ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/65217

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:08.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43084",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43084"
          },
          {
            "name": "20110208 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516259/100/0/threaded"
          },
          {
            "name": "cisco-nexus-packets-dos(65217)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65217"
          },
          {
            "name": "1025030",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025030"
          },
          {
            "name": "ADV-2011-0314",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0314"
          },
          {
            "name": "46247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46247"
          },
          {
            "name": "[security-announce] 20110207 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2011/000118.html"
          },
          {
            "name": "8090",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8090"
          },
          {
            "name": "70837",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/70837"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html"
          },
          {
            "name": "ADV-2011-0315",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0315"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "43084",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43084"
        },
        {
          "name": "20110208 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516259/100/0/threaded"
        },
        {
          "name": "cisco-nexus-packets-dos(65217)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65217"
        },
        {
          "name": "1025030",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025030"
        },
        {
          "name": "ADV-2011-0314",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0314"
        },
        {
          "name": "46247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46247"
        },
        {
          "name": "[security-announce] 20110207 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2011/000118.html"
        },
        {
          "name": "8090",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8090"
        },
        {
          "name": "70837",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/70837"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html"
        },
        {
          "name": "ADV-2011-0315",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0315"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43084",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43084"
            },
            {
              "name": "20110208 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516259/100/0/threaded"
            },
            {
              "name": "cisco-nexus-packets-dos(65217)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65217"
            },
            {
              "name": "1025030",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025030"
            },
            {
              "name": "ADV-2011-0314",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0314"
            },
            {
              "name": "46247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46247"
            },
            {
              "name": "[security-announce] 20110207 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2011/000118.html"
            },
            {
              "name": "8090",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8090"
            },
            {
              "name": "70837",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/70837"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0002.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0002.html"
            },
            {
              "name": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html",
              "refsource": "CONFIRM",
              "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html"
            },
            {
              "name": "ADV-2011-0315",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0315"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0355",
    "datePublished": "2011-02-17T17:00:00",
    "dateReserved": "2011-01-07T00:00:00",
    "dateUpdated": "2024-08-06T21:51:08.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0355\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2011-02-17T18:00:03.557\",\"lastModified\":\"2018-10-10T20:09:44.983\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.\"},{\"lang\":\"es\",\"value\":\"Cisco Nexus 1000V Virtual Ethernet Module (VEM) v4.0 (4) SV1 (1) hasta SV1 (3b), tal como se utiliza en VMware ESX v4.0 y v4.1 ESXi  v4.0 y v4.1, no maneja adecuadamente paquetes eliminados, permitiendo a usuarios invitado del sistema operativo causar una denegaci\u00f3n de servicio (ca\u00edda del host ESX o ESXi) mediante el env\u00edo de un paquete 802.1Q etiquetado sobre un puerto vEthernet de acceso, tambi\u00e9n conocido como error de Cisco ID CSCtj17451.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.8},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\\\(vem\\\\):4.0\\\\(4\\\\):sv1\\\\(1\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"DF896363-85C3-4430-A77A-94B4054B97CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\\\(vem\\\\):4.0\\\\(4\\\\):sv1\\\\(2\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"F81223EE-9540-4BA6-9177-D282651A8247\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\\\(vem\\\\):4.0\\\\(4\\\\):sv1\\\\(3\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"E90F8CC2-61A5-496C-962E-56155AD51B91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\\\(vem\\\\):4.0\\\\(4\\\\):sv1\\\\(3a\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"6162DFCA-0D2D-48EC-B260-8094D02725B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\\\(vem\\\\):4.0\\\\(4\\\\):sv1\\\\(3b\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"1905D672-E067-441E-944D-2E368E53451D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"889DE9BE-886F-4BEF-A794-5B5DE73D2322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3C6FC4-DAE3-42DB-B845-593BBD2A50BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BDAA7C8-8F2F-4037-A517-2C1EDB70B203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73C9E205-87EE-4CE2-A252-DED7BB6D4EAE\"}]}]}],\"references\":[{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2011/000118.html\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://secunia.com/advisories/43084\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8090\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://securitytracker.com/id?1025030\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.osvdb.org/70837\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/516259/100/0/threaded\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.securityfocus.com/bid/46247\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0002.html\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0314\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0315\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65217\",\"source\":\"ykramarz@cisco.com\"}]}}"
  }
}

ghsa-gfg2-2gww-4ffv

Vulnerability from github

Published

2022-05-14 02:41

Modified

2022-05-14 02:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-0355"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-02-17T18:00:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.",
  "id": "GHSA-gfg2-2gww-4ffv",
  "modified": "2022-05-14T02:41:34Z",
  "published": "2022-05-14T02:41:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0355"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65217"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2011/000118.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43084"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8090"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1025030"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/70837"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516259/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46247"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0002.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0314"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0315"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451. The Cisco Nexus 1000V VEM is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the affected application to crash, resulting in a denial-of-service condition. The following Cisco products are vulnerable: Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3b) Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3a) Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3) Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(2) Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(1) The following VMware products are vulnerable: ESXi 4.1 ESXi 4.0 ESX 4.1 ESX 4.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               VMware Security Advisory

Advisory ID: VMSA-2011-0002 Synopsis: Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi Issue date: 2011-02-07 Updated on: 2011-02-07 (initial release of advisory) CVE numbers: CVE-2011-0355

Summary

Updated versions of the Cisco Nexus 1000V virtual switch address a denial of service in VMware ESX/ESXi.

Problem Description

a. This switch can be added to ESX and ESXi where it replaces the VMware virtual switch and runs as part of the ESX and ESXi kernel.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2011-0355 to the issue.

VMware customers are only affected by this vulnerability if they
have chosen to deploy the Cisco Nexus 1000V virtual switch as a
replacement for the VMware vNetwork Standard Switch or the VMware
vNetwork Distributed Switch.

VMware has confirmed that the VMware vNetwork Standard Switch and
the VMware vNetwork Distributed Switch are not affected by the
vulnerability.

The issue is documented by Cisco in Cisco bug ID CSCtj17451 (see
section 5 for a link).

References

CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0355

Cisco bug ID CSCtj17451 (registered Cisco customers only)

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fe tchBugDetails&bugId=CSCtj17451

Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8

wj8DBQFNUNTIS2KysvBH1xkRAk1hAJ9iH1j58lM5KrwVaRYccSN3rWaw/wCePyLP FHYGA7W1DEcKcOFWj7GkuHE= =srWD -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ----------------------------------------------------------------------

Get a tax break on purchases of Secunia Solutions!

If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/

TITLE: Cisco Nexus 1000V Virtual Switch 802.1Q Tagged Packet Denial of Service

SECUNIA ADVISORY ID: SA43084

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43084/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43084

RELEASE DATE: 2011-02-09

DISCUSS ADVISORY: http://secunia.com/advisories/43084/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/43084/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=43084

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been reported in Cisco Nexus 1000V, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing 802.1Q tagged packets. This can be exploited to cause a crash when a virtual machine sends a packet on a vEthernet port.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: Cisco (CSCtj17451): http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0213",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "1000v virtual ethernet module \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0\\(4\\)"
      },
      {
        "model": "nexus virtual ethernet module sv1",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "cisco",
        "version": "1000v4.0(4)"
      },
      {
        "model": "nexus 1000v virtual ethernet module",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0(4) sv1(1) to  sv1(3b)"
      },
      {
        "model": "nexus virtual ethernet module sv1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v4.2(1)"
      },
      {
        "model": "nexus virtual ethernet module sv1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v4.0(4)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "46247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003070"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-264"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\(vem\\):4.0\\(4\\):sv1\\(3\\):*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\(vem\\):4.0\\(4\\):sv1\\(3b\\):*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\(vem\\):4.0\\(4\\):sv1\\(1\\):*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\(vem\\):4.0\\(4\\):sv1\\(2\\):*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\(vem\\):4.0\\(4\\):sv1\\(3a\\):*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-0355"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "46247"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-0355",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2011-0355",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-48300",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-0355",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201102-264",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-48300",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003070"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-264"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451. The Cisco Nexus 1000V VEM is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause the affected application to crash, resulting in a denial-of-service condition. \nThe following Cisco products are vulnerable:\nCisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3b)\nCisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3a)\nCisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3)\nCisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(2)\nCisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(1)\nThe following VMware products are vulnerable:\nESXi 4.1\nESXi 4.0\nESX 4.1\nESX 4.0. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2011-0002\nSynopsis:          Cisco Nexus 1000V VEM updates address denial of\n                   service in VMware ESX/ESXi\nIssue date:        2011-02-07\nUpdated on:        2011-02-07 (initial release of advisory)\nCVE numbers:       CVE-2011-0355\n- ------------------------------------------------------------------------\n\n1. Summary\n\n   Updated versions of the Cisco Nexus 1000V virtual switch address a\ndenial\n   of service in VMware ESX/ESXi. \n\n2. Problem Description\n\n a. This switch can be added to ESX and ESXi\n    where it replaces the VMware virtual switch and runs as part of the\n    ESX and ESXi kernel. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2011-0355 to the issue. \n \n    VMware customers are only affected by this vulnerability if they\n    have chosen to deploy the Cisco Nexus 1000V virtual switch as a\n    replacement for the VMware vNetwork Standard Switch or the VMware\n    vNetwork Distributed Switch. \n\n    VMware has confirmed that the VMware vNetwork Standard Switch and\n    the VMware vNetwork Distributed Switch are not affected by the\n    vulnerability. \n\n    The issue is documented by Cisco in Cisco bug ID CSCtj17451 (see\n    section 5 for a link). \n\n4. References\n\n   CVE numbers\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0355\n\n   Cisco bug ID CSCtj17451 (registered Cisco customers only)\n \nhttp://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fe\ntchBugDetails\u0026bugId=CSCtj17451\n\n- ------------------------------------------------------------------------\n\n6. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisories\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2011 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.8.3 (Build 4028)\nCharset: utf-8\n\nwj8DBQFNUNTIS2KysvBH1xkRAk1hAJ9iH1j58lM5KrwVaRYccSN3rWaw/wCePyLP\nFHYGA7W1DEcKcOFWj7GkuHE=\n=srWD\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\n\nGet a tax break on purchases of Secunia Solutions!\n\nIf you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at:\nhttp://secunia.com/products/corporate/vim/section_179/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Nexus 1000V Virtual Switch 802.1Q Tagged Packet Denial of\nService\n\nSECUNIA ADVISORY ID:\nSA43084\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43084/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43084\n\nRELEASE DATE:\n2011-02-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43084/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43084/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43084\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Cisco Nexus 1000V, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an error when processing 802.1Q\ntagged packets. This can be exploited to cause a crash when a virtual\nmachine sends a packet on a vEthernet port. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nCisco (CSCtj17451):\nhttp://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-0355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003070"
      },
      {
        "db": "BID",
        "id": "46247"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48300"
      },
      {
        "db": "PACKETSTORM",
        "id": "98254"
      },
      {
        "db": "PACKETSTORM",
        "id": "98315"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-0355",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "46247",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "43084",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0314",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0315",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1025030",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "70837",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "8090",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003070",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-264",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20110208 VMSA-2011-0002 CISCO NEXUS 1000V VEM UPDATES ADDRESS DENIAL OF SERVICE IN VMWARE ESX/ESXI",
        "trust": 0.6
      },
      {
        "db": "MLIST",
        "id": "[SECURITY-ANNOUNCE] 20110207 VMSA-2011-0002 CISCO NEXUS 1000V VEM UPDATES ADDRESS DENIAL OF SERVICE IN VMWARE ESX/ESXI",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "65217",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "98254",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-48300",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "98315",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48300"
      },
      {
        "db": "BID",
        "id": "46247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003070"
      },
      {
        "db": "PACKETSTORM",
        "id": "98254"
      },
      {
        "db": "PACKETSTORM",
        "id": "98315"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-264"
      }
    ]
  },
  "id": "VAR-201102-0213",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48300"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:02:13.840000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "22395",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22395"
      },
      {
        "title": "Cisco Nexus 1000V Release Notes, Release 4.0(4) SV1(3c)",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html"
      },
      {
        "title": "Cisco Nexus1000V Release Notes, Release 4.2(1) SV1(4)",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4/release/notes/n1000v_rn.html"
      },
      {
        "title": "VMSA-2011-0002",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2011-0002.html"
      },
      {
        "title": "Security-announce VMSA-2011-0002",
        "trust": 0.8,
        "url": "http://lists.vmware.com/pipermail/security-announce/2011/000118.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003070"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003070"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0355"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.cisco.com/en/us/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2011-0002.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/46247"
      },
      {
        "trust": 1.7,
        "url": "http://lists.vmware.com/pipermail/security-announce/2011/000118.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/70837"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1025030"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/43084"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/0314"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/0315"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/516259/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://securityreason.com/securityalert/8090"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65217"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0355"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0355"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/65217"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/516259/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps9902/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4/release/notes/n1000v_rn.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0355"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fe"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43084/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/section_179/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43084"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43084/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48300"
      },
      {
        "db": "BID",
        "id": "46247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003070"
      },
      {
        "db": "PACKETSTORM",
        "id": "98254"
      },
      {
        "db": "PACKETSTORM",
        "id": "98315"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-264"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-48300"
      },
      {
        "db": "BID",
        "id": "46247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003070"
      },
      {
        "db": "PACKETSTORM",
        "id": "98254"
      },
      {
        "db": "PACKETSTORM",
        "id": "98315"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-264"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-02-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48300"
      },
      {
        "date": "2011-02-07T00:00:00",
        "db": "BID",
        "id": "46247"
      },
      {
        "date": "2011-11-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003070"
      },
      {
        "date": "2011-02-08T19:42:02",
        "db": "PACKETSTORM",
        "id": "98254"
      },
      {
        "date": "2011-02-09T03:29:48",
        "db": "PACKETSTORM",
        "id": "98315"
      },
      {
        "date": "2011-02-17T18:00:03.557000",
        "db": "NVD",
        "id": "CVE-2011-0355"
      },
      {
        "date": "2011-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201102-264"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48300"
      },
      {
        "date": "2011-02-07T00:00:00",
        "db": "BID",
        "id": "46247"
      },
      {
        "date": "2011-11-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003070"
      },
      {
        "date": "2018-10-10T20:09:44.983000",
        "db": "NVD",
        "id": "CVE-2011-0355"
      },
      {
        "date": "2011-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201102-264"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-264"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Nexus 1000V Virtual Ethernet Module Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003070"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-264"
      }
    ],
    "trust": 0.6
  }
}

gsd-2011-0355

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2011-0355

Aliases

CVE-2011-0355

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0355",
    "description": "Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.",
    "id": "GSD-2011-0355"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0355"
      ],
      "details": "Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.",
      "id": "GSD-2011-0355",
      "modified": "2023-12-13T01:19:04.901782Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2011-0355",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "43084",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43084"
          },
          {
            "name": "20110208 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/516259/100/0/threaded"
          },
          {
            "name": "cisco-nexus-packets-dos(65217)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65217"
          },
          {
            "name": "1025030",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1025030"
          },
          {
            "name": "ADV-2011-0314",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0314"
          },
          {
            "name": "46247",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/46247"
          },
          {
            "name": "[security-announce] 20110207 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi",
            "refsource": "MLIST",
            "url": "http://lists.vmware.com/pipermail/security-announce/2011/000118.html"
          },
          {
            "name": "8090",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8090"
          },
          {
            "name": "70837",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/70837"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0002.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0002.html"
          },
          {
            "name": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html",
            "refsource": "CONFIRM",
            "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html"
          },
          {
            "name": "ADV-2011-0315",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0315"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\(vem\\):4.0\\(4\\):sv1\\(3\\):*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\(vem\\):4.0\\(4\\):sv1\\(3b\\):*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\(vem\\):4.0\\(4\\):sv1\\(1\\):*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\(vem\\):4.0\\(4\\):sv1\\(2\\):*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:1000v_virtual_ethernet_module_\\(vem\\):4.0\\(4\\):sv1\\(3a\\):*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0355"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0002.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0002.html"
            },
            {
              "name": "[security-announce] 20110207 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.vmware.com/pipermail/security-announce/2011/000118.html"
            },
            {
              "name": "70837",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/70837"
            },
            {
              "name": "43084",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/43084"
            },
            {
              "name": "1025030",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1025030"
            },
            {
              "name": "ADV-2011-0314",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0314"
            },
            {
              "name": "ADV-2011-0315",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0315"
            },
            {
              "name": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html"
            },
            {
              "name": "46247",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/46247"
            },
            {
              "name": "8090",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8090"
            },
            {
              "name": "cisco-nexus-packets-dos(65217)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65217"
            },
            {
              "name": "20110208 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516259/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T20:09Z",
      "publishedDate": "2011-02-17T18:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2011-0355

Vulnerability from cvelistv5

ghsa-gfg2-2gww-4ffv

Vulnerability from github

var-201102-0213

Vulnerability from variot

gsd-2011-0355

Vulnerability from gsd

Tags

Sightings

Nomenclature