Description
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploit could allow the attacker to disable switching on the SFP interface, which could disrupt network traffic.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-lldap-dos-WerV9CFj
Scores
CVSS v3: 4.7
EPSS: 0.0012
EPSS Percentile: 30.0%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-284, CWE-346
Status: published
Products (50)
cisco/nx-os 11.0(1b)
cisco/nx-os 11.0(1c)
cisco/nx-os 11.0(1d)
cisco/nx-os 11.0(1e)
cisco/nx-os 11.0(2j)
cisco/nx-os 11.0(2m)
cisco/nx-os 11.0(3f)
cisco/nx-os 11.0(3i)
cisco/nx-os 11.0(3k)
cisco/nx-os 11.0(3n)
... and 40 more
Published: Feb 24, 2021
Tracked Since: Feb 18, 2026