Strix
26.1K

CVE-2024-20321

HIGHCVSS 8.6/10EPSS 0.71%

Last modified

CVE-2024-20321 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. EPSS estimates a 0.71% chance of exploitation in the next 30 days.

Description

A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.

Metrics

CVSS 3.1
8.6/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Probability
0.71%

48.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoNx-Os7.0\(3\)f1\(1\)
CiscoNx-Os7.0\(3\)f2\(1\)
CiscoNx-Os7.0\(3\)f2\(2\)
CiscoNx-Os7.0\(3\)f3\(1\)
CiscoNx-Os7.0\(3\)f3\(2\)
CiscoNx-Os7.0\(3\)f3\(3\)
CiscoNx-Os7.0\(3\)f3\(3a\)
CiscoNx-Os7.0\(3\)f3\(3c\)
CiscoNx-Os7.0\(3\)f3\(4\)
CiscoNx-Os7.0\(3\)f3\(5\)
CiscoNx-Os9.2\(1\)
CiscoNx-Os9.2\(2\)
CiscoNx-Os9.2\(2t\)
CiscoNx-Os9.2\(2v\)
CiscoNx-Os9.2\(3\)
CiscoNx-Os9.2\(4\)
CiscoNx-Os9.3\(1\)
CiscoNx-Os9.3\(2\)
CiscoNx-Os9.3\(3\)
CiscoNx-Os9.3\(4\)
CiscoNx-Os9.3\(5\)
CiscoNx-Os9.3\(6\)
CiscoNx-Os9.3\(7\)
CiscoNx-Os9.3\(7a\)
CiscoNx-Os9.3\(8\)
CiscoNx-Os9.3\(9\)
CiscoNx-Os9.3\(10\)
CiscoNx-Os9.3\(11\)
CiscoNx-Os9.3\(12\)
CiscoNx-Os10.1\(1\)
CiscoNx-Os10.1\(2\)
CiscoNx-Os10.1\(2t\)
CiscoNx-Os10.2\(1\)
CiscoNx-Os10.2\(1q\)
CiscoNx-Os10.2\(2\)
CiscoNx-Os10.2\(3\)
CiscoNx-Os10.2\(3t\)
CiscoNx-Os10.2\(3v\)
CiscoNx-Os10.2\(4\)
CiscoNx-Os10.2\(5\)
CiscoNx-Os10.2\(6\)
CiscoNx-Os10.3\(1\)
CiscoNx-Os10.3\(2\)
CiscoNx-Os10.3\(3\)
CiscoNx-Os10.3\(4a\)
CiscoNx-Os10.3\(99w\)
CiscoNx-Os10.3\(99x\)
CiscoNx-Os10.4\(1\)

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2024-20321?
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.
How severe is CVE-2024-20321?
CVE-2024-20321 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 0.71% probability of exploitation in the next 30 days.
How do I fix CVE-2024-20321?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-20321?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST