216.73.217.80

CVE-2026-20051

· Published 25/02/2026 17:25 · Modified 25/02/2026 17:25

Labels: CVE-2026-20051 2026-02-25CVE-2026-20051CWE-457[email protected]

Essential information

Published
25/02/2026 17:25
Modified
25/02/2026 17:25
Author
Creator
CVSS
7.4 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVSS metrics

Description

A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition. This Layer 2 loop could oversubscribe the bandwidth on network interfaces, which would result in all data plane traffic being dropped. To exploit this vulnerability, the attacker must be Layer 2-adjacent to the affected device. Note: To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider. 

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cisco / nexus 3600 cpe:2.3:h:cisco:nexus_3600:*:*:*:*:*:*:*:*
cisco / nexus 9500-r cpe:2.3:h:cisco:nexus_9500-r:*:*:*:*:*:*:*:*

References