PT-2013-2973 · Vmware+1 · Vmware Esxi+2

Published 2013-05-29 · Updated 2013-05-30 · CVE-2013-1210

CVSS v2.0: 5.4 Medium

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Cisco Nexus 1000V Virtual Ethernet Module (VEM) kernel driver for VMware ESXi (affected versions not specified)

Description

A denial-of-service issue exists due to insufficient validation of STUN protocol packets, resulting in an out-of-bounds array index access and a crash of the ESXi hypervisor, leading to a purple screen of death. This can be exploited by sending specially crafted STUN packets to a vulnerable VEM when STUN protocol debugging is enabled. Sending the crafted packets requires access to a trusted, internal network, which limits the possibility of a successful exploit.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2013-1210

Affected Products

Cisco Nexus
Cisco Nexus 1000V Virtual Ethernet Module (VEM) Kernel Driver
VMware ESXi