CyberWatch
Expert Insights
Events & Webinars
Press
Emerging Voices CyberWatch 
|
.
CyberWatch

Vulnerability Patched in NX-OS Software

By

By

Access Point Consulting

Summary

A vulnerability has been discovered and patched in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software. The vulnerability is categorized as CVE-2024-20321 (CVSS 3.1: 8.6) and can allow for an unauthenticated remote attacker to cause a denial of service (DoS) on the affected device. Exploitation can allow for an attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition.

Impact Assessment

This vulnerability has a network attack vector, low attack complexity, and requires no privileges or user interaction. However, as it only provides a denial-of-service condition, there is no chance data can be leaked or privileges escalated as a result of exploitation.

Affected Products:

Cisco Nexus 3600 Series Switches and Cisco Nexus 9500 R-Series Line Cards.

·       N3K-C36180YC-R

·       N3K-C3636C-R

·       N9K-X9624D-R2

·       N9K-X9636C-R

·       N9K-X9636C-RX

·       N9K-X9636Q-R

·       N9K-X96136YC-R

They are only affected if BGP functionality is enabled and is configured with at least one BGL neighbor with a different Autonomous System value.

There are more details on how to determine whether BGP is enabled in Cisco’s advisory.

Utilizing the Cisco Software Checker you can update the software required to remediate, follow the instructions provided on that page.

What it means for you

If you utilize this software or any of the affected products in your environment consult the advisory and apply updates where applicable. This may have to be coordinated with an engineering team, as the upgrade is to a network device.

Business Implications

As a result of exploitation, a denial-of-service condition can be applied. This can cause business disruption depending on what the affected devices are used for. The costs associated will be business loss based on what service is being denied access to and costs associated with possible emergency meetings to find a solution which works with your unique IT environment.

Access Point Technology Recommends

Patch: Patching the vulnerable device will remediate the vulnerability and prevent exploitation.

Prepare: Refer to documentation regarding denial of service attacks and prepare for the possibility of exploitation.

Associated Bulletins

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ

https://nvd.nist.gov/vuln/detail/CVE-2024-20321

Resources

Latest Resources

April 10, 2025

Employing the Concept of “Continuity of Care” in Cybersecurity

My wife, Kelly, was a pediatric nurse, having worked in healthcare for over 30 years. I'm biased, but she always got high marks in her profession, from both her peers and from patients for whom she provided care. She provided a level of care that was absolutely critical to ensure patients receive consistent, high-quality treatment across all stages of care. The importance of documentation, communication and a continuity of care was imperative – children’s lives depended on it. But what does continuity of care look like outside the world of healthcare? In the realm of cybersecurity consulting, the principle of continuity is just as vital and plays a pivotal role in safeguarding organizations from evolving cyber threats.

Find out more

April 2, 2025

Scott "Monty" Montgomery (Island) | Navigating CMMC compliance for organizations of every size

Scott Montgomery, known as Monty, joined the CyberWatch Expert Series podcast to discuss his extensive background in cybersecurity, particularly in building and designing network security tools for high-assurance environments like the Department of Defense (DoD) and the intelligence community. His experience includes significant tenure at McAfee (now Trellix), which led him to his current role at Island, where he focuses on innovative approaches to cybersecurity compliance.

Find out more

February 24, 2025

Access Point Consulting Announces MSSP Partnership with Fortinet

Access Point Consulting is pleased to announce that it has become a Fortinet Managed Security Services Provider (MSSP) partner. This partnership places Access Point Consulting among a select group of providers in the Mid-Atlantic region that can offer Fortinet security solutions as both a Certified Fortinet Partner and a Fortinet MSSP.

Find out more
Resources

CyberWatch

April 2, 2025

Scott "Monty" Montgomery (Island) | Navigating CMMC compliance for organizations of every size

Scott Montgomery, known as Monty, joined the CyberWatch Expert Series podcast to discuss his extensive background in cybersecurity, particularly in building and designing network security tools for high-assurance environments like the Department of Defense (DoD) and the intelligence community. His experience includes significant tenure at McAfee (now Trellix), which led him to his current role at Island, where he focuses on innovative approaches to cybersecurity compliance.

Find out more
March 19, 2025

Michael Sviben (DomainGuard) | Defending against phishing and building proactive security awareness

Cybersecurity threats evolve rapidly, and one tactic consistently rises above the rest: phishing. In this episode of CyberWatch, Michael Sviben, co-founder of DomainGuard, discusses why phishing remains so effective, how businesses and individuals become targets, and what you can do to stay vigilant.

Find out more
March 5, 2025

David Habib (Brightspot) | Building a culture of cybersecurity awareness

Cybersecurity awareness is often reduced to check-the-box training, but David Habib, CIO at Brightspot, argues that real security awareness isn’t about formal programs—it’s about making security part of a company’s culture. In this episode, he shares practical insights on how organizations can move beyond stale training sessions to create an engaged and security-conscious workforce.

Find out more

Peace of mind starts here, at Access Point Consulting

Meet with an Expert