PatchSiren cyber security CVE debrief
CVE-2026-20171 Cisco CVE debrief
CVE-2026-20171 is a Cisco-reported BGP denial-of-service issue affecting Nexus 3000 Series and Nexus 9000 Series Switches in standalone NX-OS mode. A remote attacker who can get a crafted BGP update delivered through an established peer session may cause incorrect parsing of a transitive BGP attribute, leading the device to drop the BGP session and flap with the forwarding peer. The practical impact is disruption of routing stability and a denial of service condition. The CVE was published on 2026-05-20 and was still marked "Awaiting Analysis" in NVD at the time of the provided source snapshot.
- Vendor: Cisco
- Product: Cisco NX-OS Software
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-20
- Original CVE updated: 2026-05-20
- Advisory published: 2026-05-20
- Advisory updated: 2026-05-20
Who should care
Network teams operating Cisco Nexus 3000 or Nexus 9000 switches in standalone NX-OS mode, especially environments that use BGP and the enforce-first-as feature. Routing engineers and incident responders should also pay attention because the effect is service disruption rather than data theft.
Technical summary
The issue is described as incorrect parsing of a transitive BGP attribute in the enforce-first-as feature. An attacker does not need local access or authentication, but must be able to inject a crafted BGP update into an established BGP peer session so it can propagate to an affected device. On receipt, the device may drop the BGP session and repeatedly flap with the peer forwarding the update. NVD’s provided vector indicates network access, no privileges, no user interaction, scope change, and high availability impact, with no confidentiality or integrity impact reported.
Defensive priority
Medium-high. This is a remotely reachable routing-service disruption issue that can affect network availability and stability, but the provided corpus does not indicate code execution or data compromise. Prioritize if you operate the affected Cisco platforms with external or transit BGP relationships.
Recommended defensive actions
- Confirm whether any Cisco Nexus 3000 or 9000 switches are running standalone NX-OS mode and using BGP enforce-first-as.
- Review Cisco’s advisory for affected configurations and vendor remediation guidance.
- Monitor BGP session stability and routing logs for unexpected peer flaps on the affected devices.
- Restrict who can form or influence BGP peer sessions and validate route-origin and update paths where operationally feasible.
- Plan remediation during a maintenance window if Cisco guidance indicates a software fix or configuration change is required.
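The monitoring step above is the one that can be automated without vendor-specific tooling. The following is an added example, not code from PatchSiren or Cisco: it parses BGP neighbor state-change syslog lines and flags any peer that goes Down repeatedly inside a short window, which is the flap pattern the debrief describes. The message layout is modelled on NX-OS style `%BGP-5-ADJCHANGE` messages but is an assumption; the sample lines, hostnames and peer addresses are constructed, and the regex should be adjusted to the exact format your devices emit.

```python
"""Detect BGP peer flapping from syslog lines (added example, not vendor code)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, not real device output. Format is an assumption
# modelled on NX-OS style %BGP-5-ADJCHANGE messages.
SAMPLE_LOG = """\
2026-05-20T10:00:01 nx9k-01 %BGP-5-ADJCHANGE: bgp- [12345] (default) neighbor 192.0.2.1 Up
2026-05-20T10:03:12 nx9k-01 %BGP-5-ADJCHANGE: bgp- [12345] (default) neighbor 192.0.2.1 Down - session closed
2026-05-20T10:03:45 nx9k-01 %BGP-5-ADJCHANGE: bgp- [12345] (default) neighbor 192.0.2.1 Up
2026-05-20T10:05:30 nx9k-01 %BGP-5-ADJCHANGE: bgp- [12345] (default) neighbor 192.0.2.1 Down - session closed
2026-05-20T10:06:02 nx9k-01 %BGP-5-ADJCHANGE: bgp- [12345] (default) neighbor 192.0.2.1 Up
2026-05-20T10:07:40 nx9k-01 %BGP-5-ADJCHANGE: bgp- [12345] (default) neighbor 192.0.2.1 Down - session closed
2026-05-20T10:08:00 nx9k-01 %BGP-5-ADJCHANGE: bgp- [12345] (default) neighbor 198.51.100.7 Down - holdtimer expired
2026-05-20T11:00:00 nx9k-01 %BGP-5-ADJCHANGE: bgp- [12345] (default) neighbor 198.51.100.7 Up
"""

# Timestamp, hostname, then the neighbor address and its new state.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+%BGP-5-ADJCHANGE:.*?"
    r"neighbor\s+(?P<peer>\S+)\s+(?P<state>Up|Down)\b"
)


def parse_adjchange(lines):
    """Yield (timestamp, host, peer, state) for each ADJCHANGE line; skip others."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        yield (datetime.fromisoformat(m["ts"]), m["host"], m["peer"], m["state"])


def find_flapping_peers(lines, max_downs=3, window=timedelta(minutes=10)):
    """Return {(host, peer): count} for peers with at least max_downs Down
    events inside any sliding window of the given length.

    A single Down followed by a stable Up is normal maintenance; repeated
    Down events in a short span are the flap signature worth alerting on.
    """
    downs = defaultdict(list)
    for ts, host, peer, state in parse_adjchange(lines):
        if state == "Down":
            downs[(host, peer)].append(ts)

    flapping = {}
    for key, times in downs.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until all events fit inside `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= max_downs:
                flapping[key] = max(flapping.get(key, 0), count)
    return flapping


if __name__ == "__main__":
    for (host, peer), n in find_flapping_peers(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: neighbor {peer} went Down {n} times within 10 minutes")
```

Feed it the BGP-related syslog stream from the affected switches (or a SIEM export) and tune `max_downs` and `window` to the normal churn of each peering; a peer that trips the threshold is a candidate for checking against the attribute-parsing behaviour this advisory describes, rather than treated as a link problem.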
Evidence notes
Source evidence is limited to the provided NVD record and the linked Cisco PSIRT advisory reference. The NVD snapshot lists the vulnerability status as "Awaiting Analysis" and attributes the issue to Cisco PSIRT with a reference to Cisco advisory cisco-sa-bgp-iefab-3hb2pwtx. The description states the affected products are Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode, and that the flaw can cause BGP peer flaps and denial of service. No exploit details, fixed versions, or additional affected platforms were present in the supplied corpus.
Official resources
- CVE-2026-20171 CVE record (CVE.org)
- CVE-2026-20171 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference:
Cisco PSIRT advisory reference and the NVD publication record were both dated 2026-05-20 in the provided source data. No public exploit or KEV listing was included in the supplied corpus.