Details of VAR-201305-0150

ID

VAR-201305-0150

CVE

CVE-2013-1210

TITLE

Cisco Nexus 1000V Run on Cisco NX-OS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002852

DESCRIPTION

Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825. (ESXi Crash and purple screen (purple screen of death)) There are vulnerabilities that are put into a state. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Sending a specially crafted STUN message to the VEM crashes the ESXi Hypervisor. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCud14825

Trust: 2.52

sources: NVD: CVE-2013-1210 // JVNDB: JVNDB-2013-002852 // CNVD: CNVD-2013-06436 // BID: 60223 // VULHUB: VHN-61212

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-06436

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	nexus 1000v switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus	scope:	eq	version:	1000v	Trust: 0.6
vendor:	cisco	model:	nexus	scope:	eq	version:	1000v0	Trust: 0.3

sources: CNVD: CNVD-2013-06436 // BID: 60223 // JVNDB: JVNDB-2013-002852 // CNNVD: CNNVD-201305-607 // NVD: CVE-2013-1210

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1210
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1210
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-06436
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201305-607
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61212
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1210
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-06436
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-61212
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-06436 // VULHUB: VHN-61212 // JVNDB: JVNDB-2013-002852 // CNNVD: CNNVD-201305-607 // NVD: CVE-2013-1210

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-61212 // JVNDB: JVNDB-2013-002852 // NVD: CVE-2013-1210

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-607

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201305-607

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002852

PATCH

title:	Cisco Nexus 1000V ESXi Hypervisor Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1210	Trust: 0.8
title:	29470	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29470	Trust: 0.8
title:	Patch for Cisco Nexus 1000V ESXi Hypervisor Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/34390	Trust: 0.6

sources: CNVD: CNVD-2013-06436 // JVNDB: JVNDB-2013-002852

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1210	Trust: 3.4
db:	JVNDB	id:	JVNDB-2013-002852	Trust: 0.8
db:	CNNVD	id:	CNNVD-201305-607	Trust: 0.7
db:	CNVD	id:	CNVD-2013-06436	Trust: 0.6
db:	CISCO	id:	20130528 CISCO NEXUS 1000V ESXI HYPERVISOR DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	BID	id:	60223	Trust: 0.4
db:	VULHUB	id:	VHN-61212	Trust: 0.1

sources: CNVD: CNVD-2013-06436 // VULHUB: VHN-61212 // BID: 60223 // JVNDB: JVNDB-2013-002852 // CNNVD: CNNVD-201305-607 // NVD: CVE-2013-1210

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1210	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1210	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1210	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2013-06436 // VULHUB: VHN-61212 // BID: 60223 // JVNDB: JVNDB-2013-002852 // CNNVD: CNNVD-201305-607 // NVD: CVE-2013-1210

CREDITS

Cisco

Trust: 0.3

sources: BID: 60223

SOURCES

db:	CNVD	id:	CNVD-2013-06436
db:	VULHUB	id:	VHN-61212
db:	BID	id:	60223
db:	JVNDB	id:	JVNDB-2013-002852
db:	CNNVD	id:	CNNVD-201305-607
db:	NVD	id:	CVE-2013-1210

LAST UPDATE DATE

2024-08-14T15:19:17.986000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-06436	date:	2013-05-31T00:00:00
db:	VULHUB	id:	VHN-61212	date:	2013-05-30T00:00:00
db:	BID	id:	60223	date:	2013-05-31T07:14:00
db:	JVNDB	id:	JVNDB-2013-002852	date:	2013-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201305-607	date:	2013-05-30T00:00:00
db:	NVD	id:	CVE-2013-1210	date:	2013-05-30T13:36:29.517

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-06436	date:	2013-05-31T00:00:00
db:	VULHUB	id:	VHN-61212	date:	2013-05-29T00:00:00
db:	BID	id:	60223	date:	2013-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2013-002852	date:	2013-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201305-607	date:	2013-05-30T00:00:00
db:	NVD	id:	CVE-2013-1210	date:	2013-05-29T19:55:01.043