7.7
CVE-2026-20048
- EPSS 0.22%
- Veröffentlicht 25.02.2026 16:26:28
- Zuletzt bearbeitet 27.02.2026 14:06:59
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a DoS condition. Note: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv1 or SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco NX-OS System Software in ACI Mode
Default Statusunknown
Version
15.2(1g)
Status
affected
Version
15.2(2e)
Status
affected
Version
15.2(2f)
Status
affected
Version
15.2(2g)
Status
affected
Version
15.2(2h)
Status
affected
Version
15.2(3f)
Status
affected
Version
15.2(3e)
Status
affected
Version
15.2(3g)
Status
affected
Version
15.2(4d)
Status
affected
Version
15.2(4e)
Status
affected
Version
15.2(5c)
Status
affected
Version
15.2(5d)
Status
affected
Version
16.0(1g)
Status
affected
Version
15.2(5e)
Status
affected
Version
15.2(4f)
Status
affected
Version
15.2(6e)
Status
affected
Version
15.2(6h)
Status
affected
Version
16.0(1j)
Status
affected
Version
15.2(6g)
Status
affected
Version
15.2(7f)
Status
affected
Version
15.2(7g)
Status
affected
Version
16.0(2h)
Status
affected
Version
15.2(8d)
Status
affected
Version
16.0(2j)
Status
affected
Version
15.2(8e)
Status
affected
Version
16.0(3d)
Status
affected
Version
16.0(3e)
Status
affected
Version
15.2(8f)
Status
affected
Version
15.2(8g)
Status
affected
Version
15.3(1d)
Status
affected
Version
15.2(8h)
Status
affected
Version
16.0(4c)
Status
affected
Version
15.3(2a)
Status
affected
Version
15.2(8i)
Status
affected
Version
16.0(5h)
Status
affected
Version
15.3(2b)
Status
affected
Version
16.0(3g)
Status
affected
Version
16.0(5j)
Status
affected
Version
15.3(2c)
Status
affected
Version
16.0(6c)
Status
affected
Version
15.3(2d)
Status
affected
Version
16.1(1f)
Status
affected
Version
16.0(7e)
Status
affected
Version
16.0(8e)
Status
affected
Version
15.3(2e)
Status
affected
Version
16.0(8f)
Status
affected
Version
16.1(2f)
Status
affected
Version
16.1(2g)
Status
affected
Version
15.3(2f)
Status
affected
Version
16.0(9c)
Status
affected
Version
16.1(3f)
Status
affected
Version
16.0(9d)
Status
affected
Version
16.0(6h)
Status
affected
Version
16.0(8h)
Status
affected
Version
16.1(3g)
Status
affected
Version
16.0(9e)
Status
affected
Version
16.1(4h)
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.44 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 7.7 | 3.1 | 4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
|
CWE-789 Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.