CVE-2026-20033

{"id": "CVE-2026-20033", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2026-02-25T17:25:24.560", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cpdos-qLsv6pFD", "source": "psirt@cisco.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-805"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation when processing specific Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to the management interface of an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\r\nNote: Only the out-of-band (OOB) management interface is affected."}, {"lang": "es", "value": "Una vulnerabilidad en los switches de tejido Cisco Nexus serie 9000 en modo ACI podr\u00eda permitir a un atacante adyacente no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado.\n\nEsta vulnerabilidad se debe a una validaci\u00f3n insuficiente al procesar tramas Ethernet espec\u00edficas. Un atacante podr\u00eda explotar esta vulnerabilidad al enviar una trama Ethernet manipulada a la interfaz de gesti\u00f3n de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el dispositivo se recargue inesperadamente, lo que resultar\u00eda en una condici\u00f3n de DoS.\nNota: Solo la interfaz de gesti\u00f3n fuera de banda (OOB) se ve afectada."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@cisco.com"}