Cisco NX-OS eBGP Remote DoS via RateLimiter Queue
CVE-2024-20321 Published on February 29, 2024
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.
Vulnerability Analysis
CVE-2024-20321 can be exploited with network access, and requires neither authorization privileges nor user interaction. The attack complexity is considered low. An exploit of this vulnerability is considered to have no impact on confidentiality or integrity, and a high impact on availability.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2024-20321 has been classified as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2024-20321
Affected Versions
Cisco NX-OS Software:
- Version 7.0(3)F1(1) is affected.
- Version 7.0(3)F2(1) is affected.
- Version 7.0(3)F2(2) is affected.
- Version 7.0(3)F3(1) is affected.
- Version 7.0(3)F3(2) is affected.
- Version 7.0(3)F3(3) is affected.
- Version 7.0(3)F3(3a) is affected.
- Version 7.0(3)F3(4) is affected.
- Version 7.0(3)F3(3c) is affected.
- Version 7.0(3)F3(5) is affected.
- Version 9.2(1) is affected.
- Version 9.2(2) is affected.
- Version 9.2(2t) is affected.
- Version 9.2(3) is affected.
- Version 9.2(4) is affected.
- Version 9.2(2v) is affected.
- Version 9.3(1) is affected.
- Version 9.3(2) is affected.
- Version 9.3(3) is affected.
- Version 9.3(4) is affected.
- Version 9.3(5) is affected.
- Version 9.3(6) is affected.
- Version 9.3(7) is affected.
- Version 9.3(7a) is affected.
- Version 9.3(8) is affected.
- Version 9.3(9) is affected.
- Version 9.3(10) is affected.
- Version 9.3(11) is affected.
- Version 9.3(12) is affected.
- Version 10.1(1) is affected.
- Version 10.1(2) is affected.
- Version 10.1(2t) is affected.
- Version 10.2(1) is affected.
- Version 10.2(1q) is affected.
- Version 10.2(2) is affected.
- Version 10.2(3) is affected.
- Version 10.2(3t) is affected.
- Version 10.2(4) is affected.
- Version 10.2(5) is affected.
- Version 10.2(3v) is affected.
- Version 10.2(6) is affected.
- Version 10.3(1) is affected.
- Version 10.3(2) is affected.
- Version 10.3(3) is affected.
- Version 10.3(99w) is affected.
- Version 10.3(99x) is affected.
- Version 10.3(4a) is affected.
- Version 10.4(1) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.