First published: Wed Feb 28 2024
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix
---|---|---
Cisco FX-OS | |
Cisco NX-OS | |
The severity of CVE-2024-20294 is classified as high because a successful exploit causes a denial of service condition: the LLDP service crashes and, in certain situations, the affected device reloads.
To fix CVE-2024-20294, update your Cisco FXOS Software or Cisco NX-OS Software to a release that addresses this vulnerability.
CVE-2024-20294 affects devices running Cisco FXOS Software or Cisco NX-OS Software with the Link Layer Discovery Protocol (LLDP) feature enabled.
CVE-2024-20294 is a denial of service (DoS) vulnerability that can be exploited by an unauthenticated attacker who is adjacent at Layer 2 to an interface of the affected device; the exploit also relies on an authenticated user retrieving LLDP statistics through CLI show commands or SNMP requests.
If you suspect that CVE-2024-20294 is being exploited, monitor the affected devices for unexpected LLDP service crashes or unexplained reloads, review which neighbors are directly connected to their interfaces, and apply the fixed software release as soon as possible.