CVE-2023-20089: Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability
First published: Thu Feb 23 2023(Updated: )
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco NX-OS | =15.2\(1g\) | |
| Cisco NX-OS | =15.2\(2e\) | |
| Cisco NX-OS | =15.2\(2f\) | |
| Cisco NX-OS | =15.2\(2g\) | |
| Cisco NX-OS | =15.2\(2h\) | |
| Cisco NX-OS | =15.2\(3e\) | |
| Cisco NX-OS | =15.2\(3f\) | |
| Cisco NX-OS | =15.2\(3g\) | |
| Cisco NX-OS | =15.2\(4d\) | |
| Cisco NX-OS | =15.2\(4e\) | |
| Cisco NX-OS | =15.2\(4f\) | |
| Cisco NX-OS | =15.2\(5c\) | |
| Cisco NX-OS | =15.2\(5d\) | |
| Cisco NX-OS | =15.2\(5e\) | |
| Cisco NX-OS | =16.0\(1g\) | |
| Cisco NX-OS | =16.0\(1j\) | |
| Cisco NX-OS Nexus 9000 Series | ||
| Cisco Nexus 92160YC Switch | ||
| Cisco Nexus 92300YC Firmware | ||
| Cisco Nexus 92304QC Switch | ||
| Cisco Nexus 92348GC-X Switch | ||
| Cisco Nexus 9236C Switch | ||
| Cisco Nexus 9272Q Switch | ||
| Cisco Nexus | ||
| Cisco Nexus 93108TC-EX-24 Firmware | ||
| Cisco Nexus 93108TC-FX Switch | ||
| Cisco Nexus 93108TC-FX Switch | ||
| Cisco Nexus 93108TC-FX3P Firmware | ||
| Cisco Nexus 93120TX Firmware | ||
| Cisco Nexus 93128 Firmware | ||
| Cisco Nexus 9316D-GX Firmware | ||
| Cisco Nexus 93180LC-EX Switch | ||
| Cisco Nexus 93180YC-EX-24 | ||
| Cisco Nexus 93180YC-EX-24 Firmware | ||
| Cisco Nexus 93180YC-FX Firmware | ||
| Cisco Nexus 93180YC-FX-24 Firmware | ||
| Cisco Nexus 93180YC-FX3 Firmware | ||
| Cisco Nexus 93180YC-FX3S Firmware | ||
| Cisco Nexus 93216TC-FX2 Firmware | ||
| Cisco Nexus 93240YC-FX2 Firmware | ||
| Cisco Nexus 9332C Firmware | ||
| Cisco Nexus 9332D-GX2B Firmware | ||
| Cisco Nexus 9332PQ Firmware | ||
| Cisco Nexus 93360YC-FX2 | ||
| Cisco Nexus 9336C-FX2 Firmware | ||
| Cisco Nexus 9336C-FX2-E Firmware | ||
| Cisco Nexus N9336PQ-X | ||
| Cisco Nexus 9348D-GX2A | ||
| Cisco Nexus 9348GC-FXP Firmware | ||
| Cisco Nexus 93600CD-GX Firmware | ||
| Cisco Nexus 9364c-h1 | ||
| Cisco Nexus 9364C-GX Firmware | ||
| Cisco Nexus 9364D-GX2A Firmware | ||
| Cisco Nexus 9372PX-E | ||
| Cisco Nexus 9372PX-E Firmware | ||
| Cisco Nexus 9372TX | ||
| Cisco Nexus 9372TX-E Switch | ||
| Cisco Nexus 9396PX Firmware | ||
| Cisco Nexus 9396TX Firmware | ||
| Cisco Nexus 9408 | ||
| Cisco Nexus 9508 | ||
| Cisco Nexus 9808 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco Nexus 9000 Series Fabric Switches vulnerability?
The vulnerability ID for this Cisco Nexus 9000 Series Fabric Switches vulnerability is CVE-2023-20089.
What is the severity level of CVE-2023-20089?
The severity level of CVE-2023-20089 is high with a CVSS score of 6.5.
What is the affected software in this vulnerability?
The affected software in this vulnerability is Cisco Nexus 9000 Series Fabric Switches running Cisco NX-OS versions 15.2(1g) to 16.0(1j).
How can an attacker exploit CVE-2023-20089?
An unauthenticated, adjacent attacker can exploit CVE-2023-20089 by causing a memory leak, which could result in an unexpected reload of the device.
Is there a fix for CVE-2023-20089?
Yes, Cisco has released software updates to address the vulnerability in CVE-2023-20089.
- agent/weakness
- agent/type
- agent/author
- agent/references
- agent/title
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco nx-os
- version/cisco nx-os/15.2\(1g\)
- version/cisco nx-os/15.2\(2e\)
- version/cisco nx-os/15.2\(2f\)
- version/cisco nx-os/15.2\(2g\)
- version/cisco nx-os/15.2\(2h\)
- version/cisco nx-os/15.2\(3e\)
- version/cisco nx-os/15.2\(3f\)
- version/cisco nx-os/15.2\(3g\)
- version/cisco nx-os/15.2\(4d\)
- version/cisco nx-os/15.2\(4e\)
- version/cisco nx-os/15.2\(4f\)
- version/cisco nx-os/15.2\(5c\)
- version/cisco nx-os/15.2\(5d\)
- version/cisco nx-os/15.2\(5e\)
- version/cisco nx-os/16.0\(1g\)
- version/cisco nx-os/16.0\(1j\)
- canonical/cisco nx-os nexus 9000 series
- canonical/cisco nexus 92160yc switch
- canonical/cisco nexus 92300yc firmware
- canonical/cisco nexus 92304qc switch
- canonical/cisco nexus 92348gc-x switch
- canonical/cisco nexus 9236c switch
- canonical/cisco nexus 9272q switch
- canonical/cisco nexus
- canonical/cisco nexus 93108tc-ex-24 firmware
- canonical/cisco nexus 93108tc-fx switch
- canonical/cisco nexus 93108tc-fx3p firmware
- canonical/cisco nexus 93120tx firmware
- canonical/cisco nexus 93128 firmware
- canonical/cisco nexus 9316d-gx firmware
- canonical/cisco nexus 93180lc-ex switch
- canonical/cisco nexus 93180yc-ex-24
- canonical/cisco nexus 93180yc-ex-24 firmware
- canonical/cisco nexus 93180yc-fx firmware
- canonical/cisco nexus 93180yc-fx-24 firmware
- canonical/cisco nexus 93180yc-fx3 firmware
- canonical/cisco nexus 93180yc-fx3s firmware
- canonical/cisco nexus 93216tc-fx2 firmware
- canonical/cisco nexus 93240yc-fx2 firmware
- canonical/cisco nexus 9332c firmware
- canonical/cisco nexus 9332d-gx2b firmware
- canonical/cisco nexus 9332pq firmware
- canonical/cisco nexus 93360yc-fx2
- canonical/cisco nexus 9336c-fx2 firmware
- canonical/cisco nexus 9336c-fx2-e firmware
- canonical/cisco nexus n9336pq-x
- canonical/cisco nexus 9348d-gx2a
- canonical/cisco nexus 9348gc-fxp firmware
- canonical/cisco nexus 93600cd-gx firmware
- canonical/cisco nexus 9364c-h1
- canonical/cisco nexus 9364c-gx firmware
- canonical/cisco nexus 9364d-gx2a firmware
- canonical/cisco nexus 9372px-e
- canonical/cisco nexus 9372px-e firmware
- canonical/cisco nexus 9372tx
- canonical/cisco nexus 9372tx-e switch
- canonical/cisco nexus 9396px firmware
- canonical/cisco nexus 9396tx firmware
- canonical/cisco nexus 9408
- canonical/cisco nexus 9508
- canonical/cisco nexus 9808