CVE-2024-20294

Name: CVE-2024-20294
Creator: NVD / NIST
Published: 2024-02-29T01:43:59.207+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.6/10EPSS 0.32%

Last modified Jun 17, 2026

CVE-2024-20294 is a medium-severity vulnerability rated 6.6/10 on the CVSS scale. A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. EPSS estimates a 0.32% chance of exploitation in the next 30 days.

Description

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

Metrics

CVSS 3.1

6.6/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

EPSS Probability

0.32%

23.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-805

Affected Software

Vendor	Product	Versions
Cisco	Firepower Extensible Operating System	2.2.1.63
Cisco	Firepower Extensible Operating System	2.2.1.66
Cisco	Firepower Extensible Operating System	2.2.1.70
Cisco	Firepower Extensible Operating System	2.2.2.17
Cisco	Firepower Extensible Operating System	2.2.2.19
Cisco	Firepower Extensible Operating System	2.2.2.24
Cisco	Firepower Extensible Operating System	2.2.2.26
Cisco	Firepower Extensible Operating System	2.2.2.28
Cisco	Firepower Extensible Operating System	2.2.2.54
Cisco	Firepower Extensible Operating System	2.2.2.60
Cisco	Firepower Extensible Operating System	2.2.2.71
Cisco	Firepower Extensible Operating System	2.2.2.83
Cisco	Firepower Extensible Operating System	2.2.2.86
Cisco	Firepower Extensible Operating System	2.2.2.91
Cisco	Firepower Extensible Operating System	2.2.2.97
Cisco	Firepower Extensible Operating System	2.2.2.101
Cisco	Firepower Extensible Operating System	2.2.2.137
Cisco	Firepower Extensible Operating System	2.2.2.148
Cisco	Firepower Extensible Operating System	2.2.2.149
Cisco	Firepower Extensible Operating System	2.3.1.56
Cisco	Firepower Extensible Operating System	2.3.1.58
Cisco	Firepower Extensible Operating System	2.3.1.66
Cisco	Firepower Extensible Operating System	2.3.1.73
Cisco	Firepower Extensible Operating System	2.3.1.75
Cisco	Firepower Extensible Operating System	2.3.1.88
Cisco	Firepower Extensible Operating System	2.3.1.91
Cisco	Firepower Extensible Operating System	2.3.1.93
Cisco	Firepower Extensible Operating System	2.3.1.99
Cisco	Firepower Extensible Operating System	2.3.1.110
Cisco	Firepower Extensible Operating System	2.3.1.111
Cisco	Firepower Extensible Operating System	2.3.1.130
Cisco	Firepower Extensible Operating System	2.3.1.144
Cisco	Firepower Extensible Operating System	2.3.1.145
Cisco	Firepower Extensible Operating System	2.3.1.155
Cisco	Firepower Extensible Operating System	2.3.1.166
Cisco	Firepower Extensible Operating System	2.3.1.173
Cisco	Firepower Extensible Operating System	2.3.1.179
Cisco	Firepower Extensible Operating System	2.3.1.180
Cisco	Firepower Extensible Operating System	2.3.1.190
Cisco	Firepower Extensible Operating System	2.3.1.215
Cisco	Firepower Extensible Operating System	2.3.1.216
Cisco	Firepower Extensible Operating System	2.3.1.219
Cisco	Firepower Extensible Operating System	2.3.1.230
Cisco	Firepower Extensible Operating System	2.6.1.131
Cisco	Firepower Extensible Operating System	2.6.1.157
Cisco	Firepower Extensible Operating System	2.6.1.166
Cisco	Firepower Extensible Operating System	2.6.1.169
Cisco	Firepower Extensible Operating System	2.6.1.174
Cisco	Firepower Extensible Operating System	2.6.1.187
Cisco	Firepower Extensible Operating System	2.6.1.192

Showing 50 of 657 affected configurations. See NVD for the full list.

References

Timeline

Published: Feb 29, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-20294?

How severe is CVE-2024-20294?

CVE-2024-20294 has a CVSS score of 6.6/10 (MEDIUM severity). The EPSS model estimates a 0.32% probability of exploitation in the next 30 days.

How do I fix CVE-2024-20294?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-20294?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST