Skip to main content

Cisco EUVDEUVD-2026-15431

| CVE-2026-20084 HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-03-25 cisco GHSA-m8vf-g949-jwr2
8.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 25, 2026 - 16:16 euvd
EUVD-2026-15431
Analysis Generated
Mar 25, 2026 - 16:16 vuln.today
CVE Published
Mar 25, 2026 - 16:02 nvd
HIGH 8.6

DescriptionCVE.org

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of BOOTP packets on Cisco Catalyst 9000 Series Switches. An attacker could exploit this vulnerability by sending BOOTP request packets to an affected device. A successful exploit could allow an attacker to forward BOOTP packets from one VLAN to another, resulting in BOOTP VLAN leakage and potentially leading to high CPU utilization. This makes the device unreachable (either through console or remote management) and unable to forward traffic, resulting in a DoS condition. Note: This vulnerability can be exploited with either unicast or broadcast BOOTP packets. There are workarounds that address this vulnerability.

AnalysisAI

Improper BOOTP packet handling in Cisco IOS XE Software on Catalyst 9000 Series Switches allows unauthenticated remote attackers to trigger VLAN leakage and cause device unavailability through resource exhaustion. An attacker can send crafted BOOTP requests to forward packets across VLANs, leading to high CPU utilization that renders the switch unreachable and unable to process traffic. No patch is currently available for this denial-of-service vulnerability.

Technical ContextAI

This vulnerability affects Cisco IOS XE Software running on Catalyst 9000 Series Switches, specifically the DHCP snooping security feature designed to filter untrusted DHCP messages and build a binding database. The affected product is identified by CPE cpe:2.3:a:cisco:cisco_ios_xe_software:*:*:*:*:*:*:*:*. The root cause is classified as CWE-400 (Uncontrolled Resource Consumption), where improper handling of BOOTP packets (the predecessor protocol to DHCP operating on UDP ports 67/68) causes resource exhaustion. When DHCP snooping is enabled, the switch should enforce VLAN boundaries for DHCP/BOOTP traffic, but the vulnerability allows specially crafted BOOTP request packets (either unicast or broadcast) to leak between VLANs and consume excessive CPU resources. Over 100 specific versions ranging from 16.6.x through 17.18.x are confirmed vulnerable according to ENISA EUVD-2026-15431.

RemediationAI

Upgrade to a fixed version of Cisco IOS XE Software as specified in the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootp-WuBhNBxA. Cisco indicates that workarounds are available to address this vulnerability, which likely involve modifying DHCP snooping configurations or implementing access control lists to filter BOOTP traffic at VLAN boundaries. Until patching is feasible, consult the advisory for specific workaround procedures, consider disabling DHCP snooping on non-critical VLANs if operationally acceptable, and implement network segmentation and rate-limiting on BOOTP/DHCP traffic to reduce attack surface. Monitor CPU utilization on affected switches for anomalous spikes that may indicate exploitation attempts.

Share

EUVD-2026-15431 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy