fkie_cve-2024-20321
Vulnerability from fkie_nvd
Published
2024-02-29 01:43
Modified
2024-11-21 08:52
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJVendor Advisory
Impacted products
Vendor Product Version
cisco nx-os 7.0\(3\)f1\(1\)
cisco nx-os 7.0\(3\)f2\(1\)
cisco nx-os 7.0\(3\)f2\(2\)
cisco nx-os 7.0\(3\)f3\(1\)
cisco nx-os 7.0\(3\)f3\(2\)
cisco nx-os 7.0\(3\)f3\(3\)
cisco nx-os 7.0\(3\)f3\(3a\)
cisco nx-os 7.0\(3\)f3\(3c\)
cisco nx-os 7.0\(3\)f3\(4\)
cisco nx-os 7.0\(3\)f3\(5\)
cisco nx-os 9.2\(1\)
cisco nx-os 9.2\(2\)
cisco nx-os 9.2\(2t\)
cisco nx-os 9.2\(2v\)
cisco nx-os 9.2\(3\)
cisco nx-os 9.2\(4\)
cisco nx-os 9.3\(1\)
cisco nx-os 9.3\(2\)
cisco nx-os 9.3\(3\)
cisco nx-os 9.3\(4\)
cisco nx-os 9.3\(5\)
cisco nx-os 9.3\(6\)
cisco nx-os 9.3\(7\)
cisco nx-os 9.3\(7a\)
cisco nx-os 9.3\(8\)
cisco nx-os 9.3\(9\)
cisco nx-os 9.3\(10\)
cisco nx-os 9.3\(11\)
cisco nx-os 9.3\(12\)
cisco nx-os 10.1\(1\)
cisco nx-os 10.1\(2\)
cisco nx-os 10.1\(2t\)
cisco nx-os 10.2\(1\)
cisco nx-os 10.2\(1q\)
cisco nx-os 10.2\(2\)
cisco nx-os 10.2\(3\)
cisco nx-os 10.2\(3t\)
cisco nx-os 10.2\(3v\)
cisco nx-os 10.2\(4\)
cisco nx-os 10.2\(5\)
cisco nx-os 10.2\(6\)
cisco nx-os 10.3\(1\)
cisco nx-os 10.3\(2\)
cisco nx-os 10.3\(3\)
cisco nx-os 10.3\(4a\)
cisco nx-os 10.3\(99w\)
cisco nx-os 10.3\(99x\)
cisco nx-os 10.4\(1\)


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21F43A5A-52A2-4094-8D36-39450B8F0E0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "674D15C8-3946-4C2F-9B62-BC6E5BC67673",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "990FA11F-5158-4717-B716-C5D6D2D23D1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D5DD2941-AD1E-4C13-8DAA-C5524B96AAB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "45A37F82-44B3-426C-A344-9054599BB426",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "907A3DEC-27F8-4D0A-9EE4-4681B6D9BADB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "53378B5F-4A5B-425D-B8BE-455FAF924551",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8F6C744-6501-4FAD-AF4F-12D3EA8F5BE4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "076216C6-C115-4C7C-A9E3-46A3986DA2AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A819AE96-3933-4AD2-AF30-36E199393E01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.2\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "DD96C7AE-EECC-43F4-9132-1E7F8047C701",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.2\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1D43B9D6-0991-4370-9369-C0A1EDBF6627",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.2\\(2t\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6EB58108-78E4-4208-A549-C86B37422828",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.2\\(2v\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46427F06-FAB1-4AB8-A6BF-3EE10608B4D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.2\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5FB6ADC7-97AC-4DD8-8F1B-448A63D8BE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.2\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6E2484E7-24ED-4238-8ED3-FFFB7C479F18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9A589031-946F-4016-AFC9-92FB033420D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "20FF2A5A-CB80-4F58-856D-724AACB0864C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9FF50BFC-2DB3-4954-BC59-8B3D27D418E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F97A62E0-8A96-43A3-8FB1-FDC1B8A08049",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2A2F42DB-B22B-4880-BA73-D0E0295190DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "85A8B2D7-BCF2-4B2E-8208-7D2FDF717C65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(7\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C8A71DEB-93CD-4827-9F9E-3A0DFFAD145A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(7a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E1A56DB8-CDDD-4AB8-8694-B6CC967B7F62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(8\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2B448FDB-C2F5-454F-A275-E985C3FCDBCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(9\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1AEE47A7-B23A-4C9A-A25C-0983D94FB569",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "350F10D8-221B-4A47-8BF6-CCC421878243",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(11\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B4E497-95AE-45FC-8F89-A7959CA9AF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:9.3\\(12\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7385A37A-FC89-44E6-8BD9-C35B2F22714F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D7B192CE-F0B4-415F-9A33-B639A7B56ED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2A1D6DFF-D8CC-4912-BFE6-8454AB95AD7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.1\\(2t\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B6C6D9CC-211B-4CAA-B2AB-16DE5A34E21E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.2\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F2DB904E-9FAF-4A23-82E9-367BDBFC57D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.2\\(1q\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A5736375-4050-40A5-A504-688B182C9A75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.2\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "54AB751B-77DE-4513-B961-378458F74164",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.2\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "63AB92C1-D2F7-4025-88B6-EFA1D3C07F8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.2\\(3t\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "305A6637-16EA-4A66-A044-19BE643D6CA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.2\\(3v\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8AB69D4C-6993-42E6-A4E4-99CE309CD55A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.2\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "69C445A7-B836-493D-8056-86D4F31847EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.2\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C3018A70-3236-4885-8EB1-708442F74981",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.2\\(6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6FE29E31-332A-4B5B-ADAC-4C14FB589593",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F69EF43C-0F06-40B8-94AE-870E182E26CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.3\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE0E36D-08A6-48D5-A364-AC066F30F3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.3\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "093B5CCD-AE92-47C4-81E9-E03825BD6CF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.3\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1DBDBBC8-12BA-42F9-BF22-B29C3FDF8A31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.3\\(99w\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0B3B9B0F-6D25-408B-9D20-87C66F786D61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.3\\(99x\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "59AB22C9-34C9-4919-BA80-DFF3E186620F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:10.4\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE3869F2-3991-4F60-8618-7F491EBFF807",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la implementación del protocolo de puerta de enlace de frontera externa (eBGP) del software Cisco NX-OS podría permitir que un atacante remoto no autenticado cause una condición de denegación de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad existe porque el tráfico eBGP está asignado a una cola limitadora de velocidad de hardware compartida. Un atacante podría aprovechar esta vulnerabilidad enviando grandes cantidades de tráfico de red con determinadas características a través de un dispositivo afectado. Un exploit exitoso podría permitir al atacante provocar la caída de las sesiones vecinas de eBGP, lo que provocaría una condición DoS en la red.",
      },
   ],
   id: "CVE-2024-20321",
   lastModified: "2024-11-21T08:52:22.093",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-29T01:43:59.410",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.