VDB
CVE-2026-20171
CVE-2026-20171
PUBLISHED
CVSS 6.800000190734863 MEDIUM
A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect parsing of a transitive BGP attribute. An attacker could exploit this vulnerability by sending a crafted BGP update through an established BGP peer session. If the update propagates to an affected device, it could cause the device to drop the BGP session and flap with the BGP peer that is forwarding this update, resulting in a DoS condition.
EPSS 0.04% · 12.2th percentile
Risk Scores
CVSS 3.1
6.800000190734863
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.04%
12.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco NX-OS Software | 10.2(1), 10.2(1q), 10.2(2) |
Exploit Intelligence
- CIRCL seen: CVE-2026-20171 (circl-sighting)
- cisco-sa-bgp-iefab-3hb2pwtx (circl)
Timeline
- May 20, 2026 CVE Published
- May 20, 2026 CVE Updated
- May 20, 2026 PoC Published
- May 21, 2026 EPSS Score
- May 21, 2026 Coalition ESS Score
- May 21, 2026 Security Advisory
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score