cisco-sa-nxos-ebgp-dos-L3QCwVJ

Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability

cisco-sa-nxos-ebgp-dos-L3QCwVJ · High · Published 2 years ago · Updated 2 years ago

A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.  This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ This advisory is part of the February 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2024-20321
Cisco Bug IDs	CSCwh09703, CSCwh96478
CVSS Score	Base 8.6 Base 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source	Cisco NX-OS Software 7.0(3)F3(1), Cisco NX-OS Software 7.0(3)F3(2), Cisco NX-OS Software 7.0(3)F3(3), Cisco NX-OS Software 7.0(3)F3(3a), Cisco NX-OS Software 7.0(3)F3(4), Cisco NX-OS Software 7.0(3)F3(3c), Cisco NX-OS Software 7.0(3)F3(5), Cisco NX-OS Software 9.2(1), Cisco NX-OS Software 9.2(2), Cisco NX-OS Software 9.2(2t), Cisco NX-OS Software 9.2(3), Cisco NX-OS Software 9.2(3y), Cisco NX-OS Software 9.2(4), Cisco NX-OS Software 9.2(2v), Cisco NX-OS Software 9.3(1), Cisco NX-OS Software 9.3(2), Cisco NX-OS Software 9.3(3), Cisco NX-OS Software 9.3(1z), Cisco NX-OS Software 9.3(4), Cisco NX-OS Software 9.3(5), Cisco NX-OS Software 9.3(6), Cisco NX-OS Software 9.3(5w), Cisco NX-OS Software 9.3(7), Cisco NX-OS Software 9.3(7k), Cisco NX-OS Software 9.3(7a), Cisco NX-OS Software 9.3(8), Cisco NX-OS Software 9.3(9), Cisco NX-OS Software 9.3(10), Cisco NX-OS Software 9.3(11), Cisco NX-OS Software 9.3(12), Cisco NX-OS Software 10.1(1), Cisco NX-OS Software 10.1(2), Cisco NX-OS Software 10.1(2t), Cisco NX-OS Software 10.2(1), Cisco NX-OS Software 10.2(1q), Cisco NX-OS Software 10.2(2), Cisco NX-OS Software 10.2(3), Cisco NX-OS Software 10.2(2a), Cisco NX-OS Software 10.2(3t), Cisco NX-OS Software 10.2(4), Cisco NX-OS Software 10.2(5), Cisco NX-OS Software 10.2(3v), Cisco NX-OS Software 10.2(6), Cisco NX-OS Software 10.3(1), Cisco NX-OS Software 10.3(2), Cisco NX-OS Software 10.3(3), Cisco NX-OS Software 10.3(99w), Cisco NX-OS Software 10.3(3w), Cisco NX-OS Software 10.3(99x), Cisco NX-OS Software 10.3(3o), Cisco NX-OS Software 10.3(4a), Cisco NX-OS Software 10.3(3p), Cisco NX-OS Software 10.3(4), Cisco NX-OS Software 10.3(3q), Cisco NX-OS Software 10.3(3x), Cisco NX-OS Software 10.3(4g), Cisco NX-OS Software 10.3(3r), Cisco NX-OS Software 10.3(4h), Cisco NX-OS Software 10.4(1), Cisco NX-OS Software, Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches

CSAF Product Statuses

Product	Status	Source	CVE	Rows
Cisco NX-OS Software 10.1(1) when installed on Cisco Nexus 3000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1
Cisco NX-OS Software 10.1(1) when installed on Cisco Nexus 9000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1
Cisco NX-OS Software 10.1(2) when installed on Cisco Nexus 3000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1
Cisco NX-OS Software 10.1(2) when installed on Cisco Nexus 9000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1
Cisco NX-OS Software 10.1(2t) when installed on Cisco Nexus 3000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1
Cisco NX-OS Software 10.2(1) when installed on Cisco Nexus 3000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1
Cisco NX-OS Software 10.2(1) when installed on Cisco Nexus 9000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1
Cisco NX-OS Software 10.2(1q) when installed on Cisco Nexus 9000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1
Cisco NX-OS Software 10.2(2) when installed on Cisco Nexus 3000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1
Cisco NX-OS Software 10.2(2) when installed on Cisco Nexus 9000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1
Cisco NX-OS Software 10.2(2a) when installed on Cisco Nexus 9000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1
Cisco NX-OS Software 10.2(3) when installed on Cisco Nexus 3000 Series Switches	known_affected	cisco_csaf	CVE-2024-20321	1

Showing 12 of 96 CSAF status groups; 84 more not shown.

Related Products

Product	CVE	Evidence
Cisco Firepower Extensible Operating System (FXOS)	CVE-2024-20321	Cisco OpenVuln
Cisco NX-OS Software	CVE-2024-20321	Cisco OpenVuln
Cisco Nexus 9000 Series Switches	CVE-2024-20321	Cisco OpenVuln · family-level
Cisco Nexus 3000 Series Switches	CVE-2024-20321	Cisco OpenVuln · family-level

Vulnslist

find the latest Cisco vulnerabilities

Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability

Workarounds

CSAF Product Statuses

Related Products