—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Denial of Service Vulnerability in CISCO 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Systems Affected

Cisco Nexus 3600 and 9500-R Switching Platform(PIDs)

N3K-C36180YC-R

N3K-C3636C-R

N9K-X96136YC-R

N9K-X9636C-R

N9K-X9636C-RX

N9K-X9636Q-R

Overview

A vulnerability has been reported in  Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Software.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

This vulnerability exists due to logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device.

Successful exploitation of this vulnerability could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition.

Note: To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ether-dos-Kv8YNWZ4

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ether-dos-Kv8YNWZ4

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ether-dos-Kv8YNWZ4

CVE Name

CVE-2026-20051

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmhqQUACgkQ3jCgcSdc

ys+IWQ/9FWDUlgZp2iraUjHWvMzC6Ai3BT4WlxhjbJ/3W9GEDdDLNfPejjip9YSU

mzPjvreB5qXuxtACubWK2rKypQPj4sXIrt+sBuWjOro2QyAREgAoXsMPExJAP4fM

g9+m9VwQWHjo4AhDykla29nUhAUv1N/MYCrHASlrN9kQSL6RUBazgIqBWgyoxJRr

F7+HmHgHhel7ToWaU6/cJODt6NyPRrtGxHK4eDvx4eMauo1zQsndz5/rWkOKRzdy

SWofH6T9CB5VJsaI6mNyINfgk2s2QVi3Pp/FXiXEikp+OyBH1rkOFGft8NbTScUG

d+G0qu7C9dKKz/quvZBeb1WysveTKx0lJF+EED5c7M6eYdZu27ARK20GLa2/AOeT

cUElLExEyTN8oMb/MYfv6k7SU4XbZQkz/SGEkZclx0nz4bIBam+Wl7Ty5kvFNcss

K7K29np0Jdg7UYYYsZ1KvDZLK5ltwt8Cp+cwO5aZRSZJ8KvnrF9ZYPuKnk2wWIkc

QSkT3vs9M275jqz6SAHd0v0etMa9jJwOwR/8i6g9L/95Yjqz0suySXKQ4WPij8OY

iCetHPEY/UG5+wdfcrD5w3CpuJ8rOz6McKv6EzCCMFnCa5nw+X9QiCqvwzEk9sBh

9vultsmik/+Kb9wic8sKEkQAZLKKiyO6eXdDc3xb/PH9yosyMec=

=yQqt

—–END PGP SIGNATURE—–