Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-20010

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-25 Feb, 2026 | 16:18
Updated At-25 Feb, 2026 | 19:05
Rejected At-
Credits

Cisco Nexus 3000 and 9000 Series Switches Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:25 Feb, 2026 | 16:18
Updated At:25 Feb, 2026 | 19:05
Rejected At:
â–¼CVE Numbering Authority (CNA)
Cisco Nexus 3000 and 9000 Series Switches Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco NX-OS Software
Default Status
unknown
Versions
Affected
  • 10.3(1)
  • 10.3(2)
  • 10.3(3)
  • 10.4(1)
  • 10.3(99w)
  • 10.3(3w)
  • 10.3(99x)
  • 10.3(3o)
  • 10.3(4)
  • 10.3(3p)
  • 10.3(4a)
  • 10.4(2)
  • 10.3(3q)
  • 10.3(3x)
  • 10.3(4g)
  • 10.3(3r)
  • 10.3(4h)
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco NX-OS System Software in ACI Mode
Default Status
unknown
Versions
Affected
  • 16.0(2h)
  • 16.0(2j)
  • 16.0(3d)
  • 16.0(3e)
  • 16.0(4c)
  • 16.0(5h)
  • 16.0(3g)
  • 16.0(5j)
  • 16.0(6c)
  • 16.1(1f)
  • 16.0(7e)
  • 16.0(8e)
  • 16.0(8f)
  • 16.1(2f)
  • 16.1(2g)
  • 16.0(9c)
  • 16.1(3f)
  • 16.0(9d)
  • 16.0(6h)
  • 16.0(8h)
  • 16.1(3g)
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Unified Computing System (Managed)
Default Status
unknown
Versions
Affected
  • 4.3(4e)
  • 4.3(6b)
  • 4.3(4c)
  • 4.3(4f)
  • 4.3(6d)
  • 4.3(5e)
  • 4.3(4d)
  • 4.3(4b)
  • 4.3(5a)
  • 4.3(5c)
  • 4.3(5d)
  • 4.3(6c)
  • 4.3(6a)
Problem Types
TypeCWE IDDescription
cweCWE-805Buffer Access with Incorrect Length Value
Type: cwe
CWE ID: CWE-805
Description: Buffer Access with Incorrect Length Value
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:25 Feb, 2026 | 17:25
Updated At:27 Feb, 2026 | 14:06

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.4HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-805Primarypsirt@cisco.com
CWE ID: CWE-805
Type: Primary
Source: psirt@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3psirt@cisco.com
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3
Source: psirt@cisco.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

69Records found
CVE-2018-0471
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.22% / 44.96%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability

A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2025-20140
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.03% / 8.20%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:36
Updated-31 Jul, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of IPv6 network requests from an associated wireless IPv6 client to an affected device. To associate a client to a device, an attacker may first need to authenticate to the network, or associate freely in the case of a configured open network. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to stop responding, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9130axecatalyst_9800-40catalyst_9120axpcatalyst_cw9800h2catalyst_9800-80catalyst_9800-lcatalyst_cw9800mcatalyst_9130axicatalyst_9800-cl_wireless_controllers_for_cloudcatalyst_9115axicatalyst_9117axicatalyst_9120axecatalyst_9105axicatalyst_cw9800h1catalyst_9115axecatalyst_9120axiCisco IOS XE Software
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2025-20189
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.03% / 8.20%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:35
Updated-05 Aug, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An attacker could exploit this vulnerability by sending crafted ARP messages at a high rate over a period of time to an affected device. A successful exploit could allow the attacker to exhaust system resources, which eventually triggers a reload of the active route switch processor (RSP). If a redundant RSP is not present, the router reloads.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeasr_903Cisco IOS XE Software
CWE ID-CWE-762
Mismatched Memory Management Routines
CVE-2025-20111
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.05% / 16.54%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 16:11
Updated-26 Feb, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 3000 and 9000 Series Switches Layer 2 Ethernet Denial of Service Vulnerability

A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco NX-OS Software
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CVE-2025-20311
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.03% / 7.14%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 17:12
Updated-30 Sep, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become blocked and drop all outbound traffic. This vulnerability is due to improper handling of crafted Ethernet frames. An attacker could exploit this vulnerability by sending crafted Ethernet frames through an affected switch. A successful exploit could allow the attacker to cause the egress port to which the crafted frame is forwarded to start dropping all frames, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco IOS XE Software
CVE-2025-20340
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 16:06
Updated-11 Sep, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Address Resolution Protocol Broadcast Storm Vulnerability

A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a broadcast storm, leading to a denial of service (DoS) condition on an affected device.  This vulnerability is due to how Cisco IOS XR Software processes a high, sustained rate of ARP traffic hitting the management interface. Under certain conditions, an attacker could exploit this vulnerability by sending an excessive amount of traffic to the management interface of an affected device, overwhelming its ARP processing capabilities. A successful exploit could result in degraded device performance, loss of management connectivity, and complete unresponsiveness of the system, leading to a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco IOS XR Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-20141
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.07% / 20.55%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 16:12
Updated-06 Aug, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerabillity

A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.  This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ncs_55a2-mod-hd-sncs_5508ncs_55a2-mod-se-sncs_540-12z20g-sys-ancs_540-fh-csr-sysncs_540x-8z16g-sys-dncs_55a1-24hncs_57c1-48q6-sysncs_540x-16z8q2c-dncs_540-6z14s-sys-dncs_540x-acc-sysios_xrncs_540x-6z18g-sys-ancs_55a1-48q6hncs_540x-8z16g-sys-ancs_5502-sencs_5516ncs_540x-6z18g-sys-dncs_57b1-6d24-sysncs_540x-16z4g8q2c-ancs_5502ncs_540x-12z16g-sys-dncs_540-6z18g-sys-ancs_540-24z8q2c-sysncs_55a2-mod-sncs_540-12z20g-sys-dncs_540-fh-aggncs_540x-12z16g-sys-ancs_540-24q2c2dd-sysncs_540x-4z14g2q-dncs_55a1-36hncs_57c3-mod-sysncs_55a1-36h-sencs_55a1-24q6h-sncs_540-24q8l2dd-sysncs_540-28z4c-sys-dncs_540x-16z4g8q2c-dncs_5504ncs_540x-4z14g2q-ancs_540-acc-sysncs_5501-sencs_540-6z18g-sys-dncs_540-28z4c-sys-ancs_57d2-18dd-sysncs_57b1-5dse-sysncs_5501ncs_55a1-24q6h-ssCisco IOS XR Software
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-20769
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.05% / 16.89%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:45
Updated-06 Nov, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-8540_wireless_lan_controllervirtual_wireless_controller2504_wireless_lan_controller5520_wireless_lan_controller3504_wireless_lan_controllerflex_75105508_wireless_lan_controllerwireless_lan_controller_softwareCisco Wireless LAN Controller (WLC)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20241
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.04% / 12.19%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 16:23
Updated-27 Aug, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol <TBD> Denial of Service Vulnerability

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause the unexpected restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco NX-OS Software
CWE ID-CWE-733
Compiler Optimization Removal or Modification of Security-critical Code
CVE-2019-1920
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.92% / 75.67%
||
7 Day CHG~0.00%
Published-17 Jul, 2019 | 20:20
Updated-21 Nov, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability

A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to a lack of complete error handling condition for client authentication requests sent to a targeted interface configured for FT. An attacker could exploit this vulnerability by sending crafted authentication request traffic to the targeted interface, causing the device to restart unexpectedly.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_3700e_firmwareaironet_3700eaironet_3700iaironet_3700paccess_pointsaironet_3700p_firmwareaironet_3700i_firmwareCisco Aironet Access Point Software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20049
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.06% / 77.37%
||
7 Day CHG~0.00%
Published-09 Mar, 2023 | 00:00
Updated-28 Oct, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_9910asr_9906asr_9904asr_9006asr_9903asr_9912asr_9010asr_9922asr_9001asr_9000v-v2ios_xrasr_9902asr_9901Cisco IOS XR Software
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-20294
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 17.31%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:16
Updated-21 May, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180yc-fx3nexus_34180ycnexus_7700nexus_93240tc-fx2nexus_92300ycnexus_3524-x\/xlnexus_3232nexus_7004nexus_9364c-gxnexus_3408-snexus_93108tc-fx-24mds_9148snexus_9336pq_aci_spinenexus_6001pnexus_9516_switchnexus_3100vnexus_7000_supervisor_2enexus_93180yc-ex-24nexus_9516nexus_3064-32tmds_9216inexus_93128txnexus_9500rnexus_9804nexus_3400nexus_3172tqnexus_5672upnexus_7000_9-slotmds_9216nexus_3132q-x\/3132q-xlnexus_5596upnexus_9432pqnexus_92304qc_switchnexus_93180yc-fx3hnexus_34200yc-smunified_computing_systemnexus_93400ld-h1firepower_extensible_operating_systemnexus_3016nexus_93180yc-exnexus_93180yc-ex_switchnexus_93240yc-fx2nexus_3600nexus_9336pqnexus_9396pxnexus_93216tc-fx2nexus_7010firepower_9300_sm-48nexus_3548-xlnexus_93128tx_switchnexus_9500ucs_6248upnexus_3132q-vnexus_9636pqnexus_3172pq-xlmds_9700nexus_9716d-gxnexus_9500_supervisor_a\+nexus_7700_10-slotnexus_9348gc-fx3nexus_6000mds_9148tnexus_93108tc-fx3hnexus_3500_platformnexus_93180lc-exfirepower_4150nexus_6004nexus_3548-x\/xlnexus_7710nexus_9500_supervisor_b\+firepower_4112nexus_3264qnexus_6001nexus_9300nexus_9336c-fx2-enexus_3172pqnexus_9372px-enexus_5624qnexus_93180yc-fxnexus_6004xnexus_9372txnexus_7700_supervisor_2enexus_92160yc-xmds_9250imds_9140nexus_9336c-fx2nexus_7000_4-slotnexus_9500_4-slotnexus_9348gc-fxpucs_6296upnexus_93108tc-ex-24nexus_3524-xlmds_9132tnexus_9372pxnexus_93600cd-gxnexus_9332d-h2rnexus_3132q-xlnexus_9408nexus_9800ucs_6248_upfirepower_4125mds_9509nexus_9396tx_switchnexus_3132qmds_9148nexus_3432d-snexus_31108tc-vnexus_5648qucs_6536nexus_93360yc-fx2mds_9396tucs_6296_upnexus_3064-xnexus_5672up-16gnexus_7000_supervisor_2nexus_92348gc-xnexus_9272q_switchnexus_9272qfirepower_9300_sm-36nexus_9372tx-enexus_9372px_switchnexus_92300yc_switchnexus_9372tx_switchnexus_9221cnexus_3264c-emds_9200firepower_9300_sm-24nexus_9348d-gx2anexus_3064tnexus_7700_6-slotmds_9216anexus_3100-vnexus_9500_16-slotucs_64108firepower_9300_sm-40nexus_93108tc-fxnexus_93108tc-exnexus_3172nexus_9536pqnexus_3500nexus_3132q-xnexus_7700_supervisor_3enexus_93120tx_switchmds_9222inexus_93128nexus_3064xnexus_3232cnexus_3524-xnexus_9500_supervisor_bucs_6454mds_9706nexus_3064-tfirepower_9300_sm-56ucs_6324nexus_3132c-znexus_3100-znexus_9504nexus_7000nexus_7702nexus_3232c_nexus_3464cnexus_7000_10-slotnexus_9200ycnexus_93108tc-fx3nexus_7718nexus_3200nexus_9200nexus_3636c-rnexus_9332d-gx2bnexus_9348gc-fx3phnexus_3064nexus_56128pnexus_9332cnexus_3048mds_9500mds_9396snexus_6001tnexus_3172tq-32tnexus_93108tc-fx3pnexus_7000_18-slotnexus_93180lc-ex_switchnexus_9236cnexus_31108pc-vnexus_9364cnexus_9500_supervisor_anexus_9396px_switchnexus_5548upnexus_7009nexus_9500_8-slotnexus_7700_18-slotfirepower_4120nexus_9736pqnexus_93180yc-fx-24firepower_4145firepower_4115nexus_9336pq_acinexus_9808firepower_9300_sm-44mds_9710mds_9513nexus_9316d-gxnexus_7018nexus_9236c_switchnexus_9332pq_switchfirepower_4140nexus_9336pq_aci_spine_switchnexus_9364c-h1nexus_3016qnexus_3172pq\/pq-xlucs_6332mds_9134nexus_9332pqnexus_93180tc-exnexus_5548pnexus_7000_supervisor_1nexus_9000vnexus_9372tx-e_switchnexus_7706nexus_9364d-gx2anexus_3548-xnexus_31108pv-vnexus_3172tq-xlnexus_3548nexus_36180yc-rnexus_9396txnexus_92160yc_switchnexus_9508_switchmds_9506nexus_31128pqnexus_9372px-e_switchnexus_9232enexus_3524nx-osnexus_93120txnexus_5696qmds_9718firepower_4110nexus_9504_switchnexus_3164qnexus_92304qcnexus_5596tnexus_9508nexus_3100nexus_7700_2-slotucs_6332-16upnexus_93108tc-ex_switchnexus_93180yc-fx3sCisco Unified Computing System (Managed)Cisco Firepower Extensible Operating System (FXOS)Cisco NX-OS System Software in ACI ModeCisco NX-OS Software
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2025-20175
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:39
Updated-03 Jul, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.&nbsp; This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS XE SoftwareIOS
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2025-20169
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:40
Updated-30 Oct, 2025 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.&nbsp; This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosios_xeCisco IOS XE SoftwareIOS
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2025-20360
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.16% / 36.85%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 16:19
Updated-12 Feb, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are parsed. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Secure Firewall Threat Defense (FTD) SoftwareCisco Cyber Vision
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2025-20315
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.11% / 30.31%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 17:09
Updated-26 Sep, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a denial of service (DoS) condition. This vulnerability is due to improper handling of malformed Control and Provisioning of Wireless Access Points (CAPWAP) packets. An attacker could exploit this vulnerability by sending malformed CAPWAP packets through an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco IOS XE Software
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2025-20170
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:39
Updated-03 Jul, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.&nbsp; This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS XE SoftwareIOS
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2025-20174
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:39
Updated-03 Jul, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.&nbsp; This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS XE SoftwareIOS
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2025-21591
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.82%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 19:46
Updated-26 Jan, 2026 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhcpd to crash

A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition. Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * from 23.1 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R2. This issue isn't applicable to any versions of Junos OS before 23.1R1. This issue doesn't affect vSRX Series which doesn't support DHCP Snooping. This issue doesn't affect Junos OS Evolved. There are no indicators of compromise for this issue.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
  • Previous
  • 1
  • 2
  • Next
Details not found