Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability
CVE-2023-20089
7.4 HIGH
Summary
A vulnerability exists in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches operating in Application Centric Infrastructure (ACI) Mode. An adjacent attacker could exploit this flaw to cause a memory leak that leads to an unexpected reload of the device. The vulnerability stems from inadequate error checking when parsing LLDP packets. To exploit it, an attacker must be in the same broadcast domain as an affected device and send crafted LLDP packets directly to it. The result is a denial of service condition; the risk can be mitigated by disabling LLDP on non-essential interfaces.
Affected Version(s)
Cisco NX-OS System Software in ACI Mode
CVSS V3.1
Score: 7.4
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved