CVE-2023-20089
CVE-2023-20089 is a high-severity vulnerability in Cisco Nx-os with a CVSS 3.x base score of 7.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-401.
Key facts
- Severity: High (CVSS 3.x base score 7.4)
- EPSS exploit prediction: 0% (21st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-401
- Affected product: Cisco Nx-os
- Published:
- Last modified:
Description
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.
Frequently asked questions
- What is CVE-2023-20089?
- A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.
- How severe is CVE-2023-20089?
- CVE-2023-20089 has a CVSS 3.x base score of 7.4, rated high severity. It is exploitable over an adjacent network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2023-20089 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (21st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-20089?
- CVE-2023-20089 primarily affects Cisco Nx-os. In total, 16 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2023-20089?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2023-20089 published?
- CVE-2023-20089 was published on 2023-02-23 and last updated on 2026-06-17.
References
Affected products (16)
- cpe:2.3:o:cisco:nx-os:15.2\(1g\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(2e\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(2f\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(2g\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(2h\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(3e\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(3f\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(3g\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(4d\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(4e\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(4f\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(5c\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(5d\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:15.2\(5e\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:16.0\(1g\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:16.0\(1j\):*:*:*:*:*:*:*
More vulnerabilities in Cisco Nx-os
- CVE-2021-1361 — Critical (CVSS 9.8): A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and…
- CVE-2018-0310 — Critical (CVSS 9.8): A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an…
- CVE-2018-0301 — Critical (CVSS 9.8): A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft…
- CVE-2016-1453 — Critical (CVSS 9.8): Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000…
- CVE-2016-1341 — Critical (CVSS 9.8): Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password,…
- CVE-2015-4235 — Critical (CVSS 9.0): Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j)…
All CVEs affecting Cisco Nx-os →
Other CWE-401 (Missing Release of Memory after Effective Lifetime) vulnerabilities
- CVE-2022-0742 — Critical (CVSS 9.1): Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go…
- CVE-2024-25450 — High (CVSS 8.8): imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
- CVE-2023-33718 — High (CVSS 8.8): mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp
- CVE-2021-40633 — High (CVSS 8.8): A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of…
- CVE-2021-3492 — High (CVSS 8.8): Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring…
- CVE-2019-17340 — High (CVSS 8.8): An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain…
Browse all CWE-401 (Missing Release of Memory after Effective Lifetime) vulnerabilities →