SB2026052147 - Denial of service in Cisco Nexus 3000 and 9000 Series Switches




Published: May 21, 2026

Security Bulletin ID: SB2026052147
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity: Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Always-Incorrect Control Flow Implementation (CVE-ID: CVE-2026-20171)

CWE-ID: CWE-670 - Always-Incorrect Control Flow Implementation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to incorrect parsing in the Border Gateway Protocol (BGP) enforce-first-as feature when processing a crafted transitive BGP attribute in an established BGP peer session. A remote attacker can send a crafted BGP update to cause a denial of service.

The issue can cause the device to drop the BGP session, which then flaps with the forwarding BGP peer. The affected feature is enabled by default when BGP is configured.

This vulnerability affects Cisco Nexus 3000 and 9000 Series Switches.


Remediation

Install the update from the vendor's website.