CVE-2024-20321

Summary

A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco NX-OS Software7.0(3)F1(1)affected
CiscoCisco NX-OS Software7.0(3)F2(1)affected
CiscoCisco NX-OS Software7.0(3)F2(2)affected
CiscoCisco NX-OS Software7.0(3)F3(1)affected
CiscoCisco NX-OS Software7.0(3)F3(2)affected
CiscoCisco NX-OS Software7.0(3)F3(3)affected
CiscoCisco NX-OS Software7.0(3)F3(3a)affected
CiscoCisco NX-OS Software7.0(3)F3(4)affected
CiscoCisco NX-OS Software7.0(3)F3(3c)affected
CiscoCisco NX-OS Software7.0(3)F3(5)affected
CiscoCisco NX-OS Software9.2(1)affected
CiscoCisco NX-OS Software9.2(2)affected
CiscoCisco NX-OS Software9.2(2t)affected
CiscoCisco NX-OS Software9.2(3)affected
CiscoCisco NX-OS Software9.2(4)affected
CiscoCisco NX-OS Software9.2(2v)affected
CiscoCisco NX-OS Software9.3(1)affected
CiscoCisco NX-OS Software9.3(2)affected
CiscoCisco NX-OS Software9.3(3)affected
CiscoCisco NX-OS Software9.3(4)affected
CiscoCisco NX-OS Software9.3(5)affected
CiscoCisco NX-OS Software9.3(6)affected
CiscoCisco NX-OS Software9.3(7)affected
CiscoCisco NX-OS Software9.3(7a)affected
CiscoCisco NX-OS Software9.3(8)affected
CiscoCisco NX-OS Software9.3(9)affected
CiscoCisco NX-OS Software9.3(10)affected
CiscoCisco NX-OS Software9.3(11)affected
CiscoCisco NX-OS Software9.3(12)affected
CiscoCisco NX-OS Software10.1(1)affected
CiscoCisco NX-OS Software10.1(2)affected
CiscoCisco NX-OS Software10.1(2t)affected
CiscoCisco NX-OS Software10.2(1)affected
CiscoCisco NX-OS Software10.2(1q)affected
CiscoCisco NX-OS Software10.2(2)affected
CiscoCisco NX-OS Software10.2(3)affected
CiscoCisco NX-OS Software10.2(3t)affected
CiscoCisco NX-OS Software10.2(4)affected
CiscoCisco NX-OS Software10.2(5)affected
CiscoCisco NX-OS Software10.2(3v)affected
CiscoCisco NX-OS Software10.2(6)affected
CiscoCisco NX-OS Software10.3(1)affected
CiscoCisco NX-OS Software10.3(2)affected
CiscoCisco NX-OS Software10.3(3)affected
CiscoCisco NX-OS Software10.3(99w)affected
CiscoCisco NX-OS Software10.3(99x)affected
CiscoCisco NX-OS Software10.3(4a)affected
CiscoCisco NX-OS Software10.4(1)affected

Weaknesses

  • CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References