Cisco
CVE-2026-20051
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop.
This vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition. This Layer 2 loop could oversubscribe the bandwidth on network interfaces, which would result in all data plane traffic being dropped. To exploit this vulnerability, the attacker must be Layer 2-adjacent to the affected device. Note: To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider.
AnalysisAI
Cisco Nexus 3600 and 9500-R switches are vulnerable to Layer 2 traffic loops when processing maliciously crafted EVPN frames, allowing unauthenticated adjacent attackers to trigger a denial of service condition by overwhelming network bandwidth. An attacker can exploit this logic error in Layer 2 ingress packet processing by sending crafted Ethernet frames, causing VxLAN traffic loops that drop all data plane traffic. No patch is currently available for this vulnerability.
Technical ContextAI
exists in the a denial of component. with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop.
This vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to
Affected ProductsAI
Component: a denial of.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-457 – Use of Uninitialized Variable
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today