Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0213
Vulnerability from certfr_avis - Published: 2026-02-26 - Updated: 2026-02-26
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Se référer aux bulletins de sécurité de l'éditeur pour les détails des versions correctives et des configurations impactées.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | UCS | UCS 9108 100G Fabric Interconnects versions 4.3.x versions antérieures à 4.3(6e) et 4.3(6.260003) | ||
| Cisco | Commutateurs Nexus | Commutateurs Nexus séries 3000, 3600 et 9000 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "UCS 9108 100G Fabric Interconnects versions 4.3.x versions ant\u00e9rieures \u00e0 4.3(6e) et 4.3(6.260003)",
"product": {
"name": "UCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Nexus s\u00e9ries 3000, 3600 et 9000",
"product": {
"name": "Commutateurs Nexus",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "Se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les d\u00e9tails des versions correctives et des configurations impact\u00e9es.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20010"
},
{
"name": "CVE-2026-20048",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20048"
},
{
"name": "CVE-2026-20033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20033"
},
{
"name": "CVE-2026-20051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20051"
}
],
"initial_release_date": "2026-02-26T00:00:00",
"last_revision_date": "2026-02-26T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0213",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-n3kn9k",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-cpdos-qLsv6pFD",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cpdos-qLsv6pFD"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-dsnmp-cNN39Uh",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dsnmp-cNN39Uh"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-ether-dos-Kv8YNWZ4",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ether-dos-Kv8YNWZ4"
}
]
}
CVE-2026-20048 (GCVE-0-2026-20048)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:26 – Updated: 2026-02-25 19:05
VLAI?
EPSS
Title
Cisco NX-OS Software SNMP Denial of Service Vulnerability
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a DoS condition.
Note: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv1 or SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
Severity ?
7.7 (High)
CWE
- CWE-789 - Uncontrolled Memory Allocation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco NX-OS System Software in ACI Mode |
Affected:
15.2(1g)
Affected: 15.2(2e) Affected: 15.2(2f) Affected: 15.2(2g) Affected: 15.2(2h) Affected: 15.2(3f) Affected: 15.2(3e) Affected: 15.2(3g) Affected: 15.2(4d) Affected: 15.2(4e) Affected: 15.2(5c) Affected: 15.2(5d) Affected: 16.0(1g) Affected: 15.2(5e) Affected: 15.2(4f) Affected: 15.2(6e) Affected: 15.2(6h) Affected: 16.0(1j) Affected: 15.2(6g) Affected: 15.2(7f) Affected: 15.2(7g) Affected: 16.0(2h) Affected: 15.2(8d) Affected: 16.0(2j) Affected: 15.2(8e) Affected: 16.0(3d) Affected: 16.0(3e) Affected: 15.2(8f) Affected: 15.2(8g) Affected: 15.3(1d) Affected: 15.2(8h) Affected: 16.0(4c) Affected: 15.3(2a) Affected: 15.2(8i) Affected: 16.0(5h) Affected: 15.3(2b) Affected: 16.0(3g) Affected: 16.0(5j) Affected: 15.3(2c) Affected: 16.0(6c) Affected: 15.3(2d) Affected: 16.1(1f) Affected: 16.0(7e) Affected: 16.0(8e) Affected: 15.3(2e) Affected: 16.0(8f) Affected: 16.1(2f) Affected: 16.1(2g) Affected: 15.3(2f) Affected: 16.0(9c) Affected: 16.1(3f) Affected: 16.0(9d) Affected: 16.0(6h) Affected: 16.0(8h) Affected: 16.1(3g) Affected: 16.0(9e) Affected: 16.1(4h) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T18:18:11.351419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T19:05:48.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco NX-OS System Software in ACI Mode",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "15.2(1g)"
},
{
"status": "affected",
"version": "15.2(2e)"
},
{
"status": "affected",
"version": "15.2(2f)"
},
{
"status": "affected",
"version": "15.2(2g)"
},
{
"status": "affected",
"version": "15.2(2h)"
},
{
"status": "affected",
"version": "15.2(3f)"
},
{
"status": "affected",
"version": "15.2(3e)"
},
{
"status": "affected",
"version": "15.2(3g)"
},
{
"status": "affected",
"version": "15.2(4d)"
},
{
"status": "affected",
"version": "15.2(4e)"
},
{
"status": "affected",
"version": "15.2(5c)"
},
{
"status": "affected",
"version": "15.2(5d)"
},
{
"status": "affected",
"version": "16.0(1g)"
},
{
"status": "affected",
"version": "15.2(5e)"
},
{
"status": "affected",
"version": "15.2(4f)"
},
{
"status": "affected",
"version": "15.2(6e)"
},
{
"status": "affected",
"version": "15.2(6h)"
},
{
"status": "affected",
"version": "16.0(1j)"
},
{
"status": "affected",
"version": "15.2(6g)"
},
{
"status": "affected",
"version": "15.2(7f)"
},
{
"status": "affected",
"version": "15.2(7g)"
},
{
"status": "affected",
"version": "16.0(2h)"
},
{
"status": "affected",
"version": "15.2(8d)"
},
{
"status": "affected",
"version": "16.0(2j)"
},
{
"status": "affected",
"version": "15.2(8e)"
},
{
"status": "affected",
"version": "16.0(3d)"
},
{
"status": "affected",
"version": "16.0(3e)"
},
{
"status": "affected",
"version": "15.2(8f)"
},
{
"status": "affected",
"version": "15.2(8g)"
},
{
"status": "affected",
"version": "15.3(1d)"
},
{
"status": "affected",
"version": "15.2(8h)"
},
{
"status": "affected",
"version": "16.0(4c)"
},
{
"status": "affected",
"version": "15.3(2a)"
},
{
"status": "affected",
"version": "15.2(8i)"
},
{
"status": "affected",
"version": "16.0(5h)"
},
{
"status": "affected",
"version": "15.3(2b)"
},
{
"status": "affected",
"version": "16.0(3g)"
},
{
"status": "affected",
"version": "16.0(5j)"
},
{
"status": "affected",
"version": "15.3(2c)"
},
{
"status": "affected",
"version": "16.0(6c)"
},
{
"status": "affected",
"version": "15.3(2d)"
},
{
"status": "affected",
"version": "16.1(1f)"
},
{
"status": "affected",
"version": "16.0(7e)"
},
{
"status": "affected",
"version": "16.0(8e)"
},
{
"status": "affected",
"version": "15.3(2e)"
},
{
"status": "affected",
"version": "16.0(8f)"
},
{
"status": "affected",
"version": "16.1(2f)"
},
{
"status": "affected",
"version": "16.1(2g)"
},
{
"status": "affected",
"version": "15.3(2f)"
},
{
"status": "affected",
"version": "16.0(9c)"
},
{
"status": "affected",
"version": "16.1(3f)"
},
{
"status": "affected",
"version": "16.0(9d)"
},
{
"status": "affected",
"version": "16.0(6h)"
},
{
"status": "affected",
"version": "16.0(8h)"
},
{
"status": "affected",
"version": "16.1(3g)"
},
{
"status": "affected",
"version": "16.0(9e)"
},
{
"status": "affected",
"version": "16.1(4h)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries\u0026nbsp;to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a\u0026nbsp;DoS condition.\r\nNote: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit\u0026nbsp;this vulnerability through SNMPv1 or\u0026nbsp;SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "Uncontrolled Memory Allocation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:26:28.329Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nxos-dsnmp-cNN39Uh",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dsnmp-cNN39Uh"
}
],
"source": {
"advisory": "cisco-sa-nxos-dsnmp-cNN39Uh",
"defects": [
"CSCwq57598"
],
"discovery": "EXTERNAL"
},
"title": "Cisco NX-OS Software SNMP Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20048",
"datePublished": "2026-02-25T16:26:28.329Z",
"dateReserved": "2025-10-08T11:59:15.355Z",
"dateUpdated": "2026-02-25T19:05:48.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20010 (GCVE-0-2026-20010)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:18 – Updated: 2026-02-25 19:05
VLAI?
EPSS
Title
Cisco Nexus 3000 and 9000 Series Switches Link Layer Discovery Protocol Denial of Service Vulnerability
Summary
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly.
This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).
Severity ?
7.4 (High)
CWE
- CWE-805 - Buffer Access with Incorrect Length Value
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco NX-OS Software |
Affected:
10.3(1)
Affected: 10.3(2) Affected: 10.3(3) Affected: 10.4(1) Affected: 10.3(99w) Affected: 10.3(3w) Affected: 10.3(99x) Affected: 10.3(3o) Affected: 10.3(4) Affected: 10.3(3p) Affected: 10.3(4a) Affected: 10.4(2) Affected: 10.3(3q) Affected: 10.3(3x) Affected: 10.3(4g) Affected: 10.3(3r) Affected: 10.3(4h) |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T18:18:44.628066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T19:05:49.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco NX-OS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.3(3)"
},
{
"status": "affected",
"version": "10.4(1)"
},
{
"status": "affected",
"version": "10.3(99w)"
},
{
"status": "affected",
"version": "10.3(3w)"
},
{
"status": "affected",
"version": "10.3(99x)"
},
{
"status": "affected",
"version": "10.3(3o)"
},
{
"status": "affected",
"version": "10.3(4)"
},
{
"status": "affected",
"version": "10.3(3p)"
},
{
"status": "affected",
"version": "10.3(4a)"
},
{
"status": "affected",
"version": "10.4(2)"
},
{
"status": "affected",
"version": "10.3(3q)"
},
{
"status": "affected",
"version": "10.3(3x)"
},
{
"status": "affected",
"version": "10.3(4g)"
},
{
"status": "affected",
"version": "10.3(3r)"
},
{
"status": "affected",
"version": "10.3(4h)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco NX-OS System Software in ACI Mode",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "16.0(2h)"
},
{
"status": "affected",
"version": "16.0(2j)"
},
{
"status": "affected",
"version": "16.0(3d)"
},
{
"status": "affected",
"version": "16.0(3e)"
},
{
"status": "affected",
"version": "16.0(4c)"
},
{
"status": "affected",
"version": "16.0(5h)"
},
{
"status": "affected",
"version": "16.0(3g)"
},
{
"status": "affected",
"version": "16.0(5j)"
},
{
"status": "affected",
"version": "16.0(6c)"
},
{
"status": "affected",
"version": "16.1(1f)"
},
{
"status": "affected",
"version": "16.0(7e)"
},
{
"status": "affected",
"version": "16.0(8e)"
},
{
"status": "affected",
"version": "16.0(8f)"
},
{
"status": "affected",
"version": "16.1(2f)"
},
{
"status": "affected",
"version": "16.1(2g)"
},
{
"status": "affected",
"version": "16.0(9c)"
},
{
"status": "affected",
"version": "16.1(3f)"
},
{
"status": "affected",
"version": "16.0(9d)"
},
{
"status": "affected",
"version": "16.0(6h)"
},
{
"status": "affected",
"version": "16.0(8h)"
},
{
"status": "affected",
"version": "16.1(3g)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.3(6b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.3(6d)"
},
{
"status": "affected",
"version": "4.3(5e)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(6c)"
},
{
"status": "affected",
"version": "4.3(6a)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly.\r\n\r\nThis vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.\r\nNote:\u0026nbsp;LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be\u0026nbsp;directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol)."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-805",
"description": "Buffer Access with Incorrect Length Value",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:18:14.561Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3"
}
],
"source": {
"advisory": "cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3",
"defects": [
"CSCwq33193"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Nexus 3000 and 9000 Series Switches Link Layer Discovery Protocol Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20010",
"datePublished": "2026-02-25T16:18:14.561Z",
"dateReserved": "2025-10-08T11:59:15.350Z",
"dateUpdated": "2026-02-25T19:05:49.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20033 (GCVE-0-2026-20033)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:26 – Updated: 2026-02-25 19:05
VLAI?
EPSS
Title
Cisco NX-OS Software Denial of Service Vulnerability
Summary
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation when processing specific Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to the management interface of an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
Note: Only the out-of-band (OOB) management interface is affected.
Severity ?
7.4 (High)
CWE
- CWE-805 - Buffer Access with Incorrect Length Value
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco NX-OS System Software in ACI Mode |
Affected:
15.2(1g)
Affected: 15.2(2e) Affected: 15.2(2f) Affected: 15.2(2g) Affected: 15.2(2h) Affected: 15.2(3f) Affected: 15.2(3e) Affected: 15.2(3g) Affected: 15.2(4d) Affected: 15.2(4e) Affected: 15.2(5c) Affected: 15.2(5d) Affected: 16.0(1g) Affected: 15.2(5e) Affected: 15.2(4f) Affected: 15.2(6e) Affected: 15.2(6h) Affected: 16.0(1j) Affected: 15.2(6g) Affected: 15.2(7f) Affected: 15.2(7g) Affected: 16.0(2h) Affected: 15.2(8d) Affected: 16.0(2j) Affected: 15.2(8e) Affected: 16.0(3d) Affected: 16.0(3e) Affected: 15.2(8f) Affected: 15.2(8g) Affected: 15.3(1d) Affected: 15.2(8h) Affected: 16.0(4c) Affected: 15.3(2a) Affected: 15.2(8i) Affected: 16.0(5h) Affected: 15.3(2b) Affected: 16.0(3g) Affected: 16.0(5j) Affected: 15.3(2c) Affected: 16.0(6c) Affected: 15.3(2d) Affected: 16.1(1f) Affected: 16.0(7e) Affected: 16.0(8e) Affected: 15.3(2e) Affected: 16.0(8f) Affected: 16.1(2f) Affected: 16.1(2g) Affected: 15.3(2f) Affected: 16.0(9c) Affected: 16.1(3f) Affected: 16.0(9d) Affected: 16.0(6h) Affected: 16.0(8h) Affected: 16.1(3g) Affected: 16.0(9e) Affected: 16.1(4h) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T18:18:01.739135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T19:05:48.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco NX-OS System Software in ACI Mode",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "15.2(1g)"
},
{
"status": "affected",
"version": "15.2(2e)"
},
{
"status": "affected",
"version": "15.2(2f)"
},
{
"status": "affected",
"version": "15.2(2g)"
},
{
"status": "affected",
"version": "15.2(2h)"
},
{
"status": "affected",
"version": "15.2(3f)"
},
{
"status": "affected",
"version": "15.2(3e)"
},
{
"status": "affected",
"version": "15.2(3g)"
},
{
"status": "affected",
"version": "15.2(4d)"
},
{
"status": "affected",
"version": "15.2(4e)"
},
{
"status": "affected",
"version": "15.2(5c)"
},
{
"status": "affected",
"version": "15.2(5d)"
},
{
"status": "affected",
"version": "16.0(1g)"
},
{
"status": "affected",
"version": "15.2(5e)"
},
{
"status": "affected",
"version": "15.2(4f)"
},
{
"status": "affected",
"version": "15.2(6e)"
},
{
"status": "affected",
"version": "15.2(6h)"
},
{
"status": "affected",
"version": "16.0(1j)"
},
{
"status": "affected",
"version": "15.2(6g)"
},
{
"status": "affected",
"version": "15.2(7f)"
},
{
"status": "affected",
"version": "15.2(7g)"
},
{
"status": "affected",
"version": "16.0(2h)"
},
{
"status": "affected",
"version": "15.2(8d)"
},
{
"status": "affected",
"version": "16.0(2j)"
},
{
"status": "affected",
"version": "15.2(8e)"
},
{
"status": "affected",
"version": "16.0(3d)"
},
{
"status": "affected",
"version": "16.0(3e)"
},
{
"status": "affected",
"version": "15.2(8f)"
},
{
"status": "affected",
"version": "15.2(8g)"
},
{
"status": "affected",
"version": "15.3(1d)"
},
{
"status": "affected",
"version": "15.2(8h)"
},
{
"status": "affected",
"version": "16.0(4c)"
},
{
"status": "affected",
"version": "15.3(2a)"
},
{
"status": "affected",
"version": "15.2(8i)"
},
{
"status": "affected",
"version": "16.0(5h)"
},
{
"status": "affected",
"version": "15.3(2b)"
},
{
"status": "affected",
"version": "16.0(3g)"
},
{
"status": "affected",
"version": "16.0(5j)"
},
{
"status": "affected",
"version": "15.3(2c)"
},
{
"status": "affected",
"version": "16.0(6c)"
},
{
"status": "affected",
"version": "15.3(2d)"
},
{
"status": "affected",
"version": "16.1(1f)"
},
{
"status": "affected",
"version": "16.0(7e)"
},
{
"status": "affected",
"version": "16.0(8e)"
},
{
"status": "affected",
"version": "15.3(2e)"
},
{
"status": "affected",
"version": "16.0(8f)"
},
{
"status": "affected",
"version": "16.1(2f)"
},
{
"status": "affected",
"version": "16.1(2g)"
},
{
"status": "affected",
"version": "15.3(2f)"
},
{
"status": "affected",
"version": "16.0(9c)"
},
{
"status": "affected",
"version": "16.1(3f)"
},
{
"status": "affected",
"version": "16.0(9d)"
},
{
"status": "affected",
"version": "16.0(6h)"
},
{
"status": "affected",
"version": "16.0(8h)"
},
{
"status": "affected",
"version": "16.1(3g)"
},
{
"status": "affected",
"version": "16.0(9e)"
},
{
"status": "affected",
"version": "16.1(4h)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation when processing specific Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to the\u0026nbsp;management interface of an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\r\nNote: Only the out-of-band (OOB) management interface is affected."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-805",
"description": "Buffer Access with Incorrect Length Value",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:26:29.215Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nxos-cpdos-qLsv6pFD",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cpdos-qLsv6pFD"
}
],
"source": {
"advisory": "cisco-sa-nxos-cpdos-qLsv6pFD",
"defects": [
"CSCwq96001"
],
"discovery": "EXTERNAL"
},
"title": "Cisco NX-OS Software Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20033",
"datePublished": "2026-02-25T16:26:29.215Z",
"dateReserved": "2025-10-08T11:59:15.353Z",
"dateUpdated": "2026-02-25T19:05:48.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20051 (GCVE-0-2026-20051)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-02-25 19:05
VLAI?
EPSS
Title
Cisco Nexus 3600-R and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability
Summary
A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop.
This vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition. This Layer 2 loop could oversubscribe the bandwidth on network interfaces, which would result in all data plane traffic being dropped. To exploit this vulnerability, the attacker must be Layer 2-adjacent to the affected device.
Note: To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider.
Severity ?
7.4 (High)
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco NX-OS Software |
Affected:
9.2(3)
Affected: 9.2(2v) Affected: 9.2(1) Affected: 9.2(2t) Affected: 9.2(3y) Affected: 9.3(2) Affected: 9.2(4) Affected: 9.3(1) Affected: 9.3(1z) Affected: 9.2(2) Affected: 9.3(3) Affected: 9.3(4) Affected: 9.3(5) Affected: 9.3(6) Affected: 9.3(5w) Affected: 9.3(7) Affected: 9.3(7k) Affected: 10.2(1) Affected: 9.3(7a) Affected: 9.3(8) Affected: 10.2(1q) Affected: 10.2(2) Affected: 9.3(9) Affected: 10.2(3) Affected: 10.2(3t) Affected: 9.3(10) Affected: 10.2(2a) Affected: 10.3(1) Affected: 10.2(4) Affected: 10.3(2) Affected: 9.3(11) Affected: 10.3(3) Affected: 10.2(5) Affected: 9.3(12) Affected: 10.2(3v) Affected: 10.4(1) Affected: 10.2(6) Affected: 10.3(3w) Affected: 10.3(3o) Affected: 10.3(4) Affected: 10.3(3p) Affected: 10.3(4a) Affected: 10.4(2) Affected: 10.3(3q) Affected: 9.3(13) Affected: 10.3(5) Affected: 10.2(7) Affected: 10.4(3) Affected: 10.3(3x) Affected: 10.3(4g) Affected: 10.5(1) Affected: 10.2(8) Affected: 10.3(3r) Affected: 10.3(6) Affected: 9.3(14) Affected: 10.4(4) Affected: 10.3(4h) Affected: 10.5(2) Affected: 10.3(7) Affected: 10.4(5) Affected: 10.5(3) Affected: 10.2(9) Affected: 9.3(15) Affected: 10.4(4g) Affected: 10.5(4) Affected: 10.6(1) Affected: 10.5(3t) Affected: 10.3(8) Affected: 10.4(6) Affected: 10.5(3s) Affected: 10.5(3e) Affected: 10.5(3o) Affected: 9.3(16) Affected: 10.6(1s) Affected: 10.5(3p) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T18:18:59.463626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T19:05:49.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco NX-OS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "9.2(3)"
},
{
"status": "affected",
"version": "9.2(2v)"
},
{
"status": "affected",
"version": "9.2(1)"
},
{
"status": "affected",
"version": "9.2(2t)"
},
{
"status": "affected",
"version": "9.2(3y)"
},
{
"status": "affected",
"version": "9.3(2)"
},
{
"status": "affected",
"version": "9.2(4)"
},
{
"status": "affected",
"version": "9.3(1)"
},
{
"status": "affected",
"version": "9.3(1z)"
},
{
"status": "affected",
"version": "9.2(2)"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "9.3(4)"
},
{
"status": "affected",
"version": "9.3(5)"
},
{
"status": "affected",
"version": "9.3(6)"
},
{
"status": "affected",
"version": "9.3(5w)"
},
{
"status": "affected",
"version": "9.3(7)"
},
{
"status": "affected",
"version": "9.3(7k)"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "9.3(7a)"
},
{
"status": "affected",
"version": "9.3(8)"
},
{
"status": "affected",
"version": "10.2(1q)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "9.3(9)"
},
{
"status": "affected",
"version": "10.2(3)"
},
{
"status": "affected",
"version": "10.2(3t)"
},
{
"status": "affected",
"version": "9.3(10)"
},
{
"status": "affected",
"version": "10.2(2a)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.2(4)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "9.3(11)"
},
{
"status": "affected",
"version": "10.3(3)"
},
{
"status": "affected",
"version": "10.2(5)"
},
{
"status": "affected",
"version": "9.3(12)"
},
{
"status": "affected",
"version": "10.2(3v)"
},
{
"status": "affected",
"version": "10.4(1)"
},
{
"status": "affected",
"version": "10.2(6)"
},
{
"status": "affected",
"version": "10.3(3w)"
},
{
"status": "affected",
"version": "10.3(3o)"
},
{
"status": "affected",
"version": "10.3(4)"
},
{
"status": "affected",
"version": "10.3(3p)"
},
{
"status": "affected",
"version": "10.3(4a)"
},
{
"status": "affected",
"version": "10.4(2)"
},
{
"status": "affected",
"version": "10.3(3q)"
},
{
"status": "affected",
"version": "9.3(13)"
},
{
"status": "affected",
"version": "10.3(5)"
},
{
"status": "affected",
"version": "10.2(7)"
},
{
"status": "affected",
"version": "10.4(3)"
},
{
"status": "affected",
"version": "10.3(3x)"
},
{
"status": "affected",
"version": "10.3(4g)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.2(8)"
},
{
"status": "affected",
"version": "10.3(3r)"
},
{
"status": "affected",
"version": "10.3(6)"
},
{
"status": "affected",
"version": "9.3(14)"
},
{
"status": "affected",
"version": "10.4(4)"
},
{
"status": "affected",
"version": "10.3(4h)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.3(7)"
},
{
"status": "affected",
"version": "10.4(5)"
},
{
"status": "affected",
"version": "10.5(3)"
},
{
"status": "affected",
"version": "10.2(9)"
},
{
"status": "affected",
"version": "9.3(15)"
},
{
"status": "affected",
"version": "10.4(4g)"
},
{
"status": "affected",
"version": "10.5(4)"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.5(3t)"
},
{
"status": "affected",
"version": "10.3(8)"
},
{
"status": "affected",
"version": "10.4(6)"
},
{
"status": "affected",
"version": "10.5(3s)"
},
{
"status": "affected",
"version": "10.5(3e)"
},
{
"status": "affected",
"version": "10.5(3o)"
},
{
"status": "affected",
"version": "9.3(16)"
},
{
"status": "affected",
"version": "10.6(1s)"
},
{
"status": "affected",
"version": "10.5(3p)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop.\r\n\r\nThis vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition. This Layer 2 loop could oversubscribe the bandwidth on network interfaces, which would result in all data plane traffic being dropped. To exploit this vulnerability, the attacker must be Layer 2-adjacent to the affected device.\r\nNote:\u0026nbsp;To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider.\u0026nbsp;"
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "Use of Uninitialized Variable",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:14:33.859Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nxos-ether-dos-Kv8YNWZ4",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ether-dos-Kv8YNWZ4"
}
],
"source": {
"advisory": "cisco-sa-nxos-ether-dos-Kv8YNWZ4",
"defects": [
"CSCwo94451"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Nexus 3600-R and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20051",
"datePublished": "2026-02-25T16:14:33.859Z",
"dateReserved": "2025-10-08T11:59:15.355Z",
"dateUpdated": "2026-02-25T19:05:49.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…