Cisco Nx-Os Software vulnerabilities

CVE-2026-20010 [HIGH] CWE-805 CVE-2026-20010: A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could al A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit t

CVE-2026-20051 [HIGH] CWE-457 CVE-2026-20051: A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 P A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attac

CVE-2025-20241 [HIGH] CWE-733 CVE-2025-20241: A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Sof A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload

CVE-2025-20290 [MEDIUM] CWE-200 CVE-2025-20290: A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects, and Cisco UCS 9108 100G Fabric Interconnects could allow an authenticated, local attacker access to sensitive

CVE-2025-20292 [MEDIUM] CWE-78 CVE-2025-20292: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to e A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of us

CVE-2025-20262 [MEDIUM] CWE-476 CVE-2025-20262: A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 S A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition. This vulnerability is

CVE-2025-20191 [HIGH] CWE-805 CVE-2025-20191: A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS X A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the incorrect h

CVE-2025-20111 [HIGH] CWE-1220 CVE-2025-20111: A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco N A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of s

CVE-2025-20161 [MEDIUM] CWE-78 CVE-2025-20161: A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to

CVE-2024-20397 [MEDIUM] CWE-284 CVE-2024-20397: A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker wi A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vul

CVE-2024-20284 [MEDIUM] CWE-693 CVE-2024-20284: A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low- A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerab

CVE-2024-20286 [MEDIUM] CWE-693 CVE-2024-20286: A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low- A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerab

CVE-2024-20446 [HIGH] CWE-476 CVE-2024-20446: A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, re A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. An attacker could exploit this vulnerability by sending a crafted DHCPv

CVE-2024-20285 [MEDIUM] CWE-653 CVE-2024-20285: A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low- A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerab

CVE-2024-20413 [MEDIUM] CWE-862 CVE-2024-20413: A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device. This vulnerability is due to insufficient security restrictions when executing application arguments from the Bash shell. An attacker with privileges to access th

CVE-2024-20289 [MEDIUM] CWE-78 CVE-2024-20289: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, loc A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including

CVE-2024-20411 [MEDIUM] CWE-267 CVE-2024-20411: A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could

CVE-2024-20399 [MEDIUM] CWE-78 CVE-2024-20399: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession o A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An at

CVE-2024-20321 [HIGH] CWE-400 CVE-2024-20321: A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Softwar A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulner

CVE-2024-20267 [HIGH] CWE-120 CVE-2024-20267: A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenti A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame.