Cisco
CVE-2026-20010
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly.
This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).
AnalysisAI
Cisco NX-OS devices can be forced to reload through a crafted LLDP packet sent by an adjacent, unauthenticated attacker, causing a denial of service condition. The vulnerability stems from improper frame field validation in the LLDP process, exploitable only from directly connected network segments. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | LLDP feature must be enabled on target Cisco NX-OS device interface. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 7.4 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker without authentication could exploit this vulnerability to cause the device to reload, resulting in a denial of service (DoS) condition. |
| Remediation | Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Cisco NX-OS devices and identify which are running vulnerable versions; assess network exposure to adjacent attackers. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-805 – Buffer Access with Incorrect Length Value
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today