PT-2024-1971 · Cisco · Cisco Nx-Os
Published: 2024-02-28 · Updated: 2025-12-03
CVE-2024-20294
CVSS v3.1: 6.6 (Medium)
Vector: AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Cisco FXOS Software (affected versions not specified)
Cisco NX-OS Software (affected versions not specified)
Description
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash, potentially resulting in a reload of the affected device. The attacker would need to be directly connected to an interface of an affected device, either physically or logically.
Recommendations
For Cisco FXOS Software, update to a version that includes the fix for this vulnerability.
For Cisco NX-OS Software, update to a version that includes the fix for this vulnerability.
As a temporary workaround, consider restricting access to the LLDP protocol to minimize the risk of exploitation.
At the moment, there is no information about specific versions that contain a fix for this vulnerability, but Cisco has released software updates that address this issue.
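To scope the temporary workaround, the following added example (not part of the original advisory and not Cisco tooling) lists the interfaces in an NX-OS running-config that still accept inbound LLDP frames. It assumes that `feature lldp` enables the protocol globally and that `no lldp receive` turns off reception per interface; the sample configuration is constructed.

```python
import re

# Constructed sample of an NX-OS running-config (not from a real device).
SAMPLE_CONFIG = """\
feature lldp
interface Ethernet1/1
  description uplink-to-core
interface Ethernet1/2
  description user-access
  no lldp receive
  no lldp transmit
interface Ethernet1/3
  description lab-port
  no lldp transmit
interface mgmt0
  no lldp receive
"""

def lldp_receive_exposure(config_text):
    """Return the interfaces that still accept inbound LLDP frames.

    Assumption: LLDP only runs when 'feature lldp' is configured, and
    reception is on for every interface unless 'no lldp receive' is set.
    """
    lines = [l for l in config_text.splitlines() if l.strip()]
    if not any(l.strip() == "feature lldp" for l in lines):
        return []  # LLDP is not enabled globally, nothing processes frames
    exposed, current, receives = [], None, True
    for line in lines:
        header = re.match(r"^interface\s+(\S+)", line)
        if header or not line.startswith((" ", "\t")):
            # A new top-level statement closes the previous interface block.
            if current and receives:
                exposed.append(current)
            current = header.group(1) if header else None
            receives = True
        elif current and line.strip() == "no lldp receive":
            receives = False  # transmit-only or fully disabled port
    if current and receives:
        exposed.append(current)
    return exposed

if __name__ == "__main__":
    for name in lldp_receive_exposure(SAMPLE_CONFIG):
        print(f"{name}: LLDP receive enabled")
```

Ports reported here that face untrusted or user-facing segments are the ones to review first, since the attacker must be adjacent to an interface that processes LLDP.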
Fix
DoS
Resource Exhaustion
Related Identifiers
Affected Products
Cisco Fxos
Cisco Nx-Os
Cisco Nexus