Cisco Security Advisory
Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability
Click Icon to Copy Verbose Score
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
-
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly.
This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3This advisory is part of the February 2026 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2026 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.
-
Vulnerable Products
This vulnerability affects the following Cisco products if they are running a vulnerable software release and have the LLDP feature enabled globally and on at least one interface:
- Nexus 3000 Series Switches (CSCwi75282)
- Nexus 9000 Series Fabric Switches in ACI mode (CSCwq33193)
- Nexus 9000 Series Switches in standalone NX-OS mode (CSCwi75282)
- UCS X-Series Direct Fabric Interconnects 9108 100G (CSCwq60777)
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.
Determine the Status of LLDP on Cisco NX-OS Software in Standalone Mode
The LLDP feature is disabled by default on Cisco Nexus Switches that are running Cisco NX-OS Software in standalone mode. To determine if the LLDP feature has been enabled, use the show feature | include lldp command at the device CLI. The following example shows that the LLDP feature is enabled:
switch# show feature | include lldp
lldp 1 enabledIf the LLDP feature has been enabled, LLDP is also enabled on all interfaces by default. The processing of incoming LLDP packets can be selectively disabled on a specific interface by using the no lldp receive interface-level configuration command.
To determine the status of LLDP on a specific interface, use the show lldp interface ethernet module/interface command at the device CLI. If the enable (rx) status is set to Y, the interface accepts incoming LLDP packets, as shown in the following example:
switch# show lldp interface ethernet 1/1
Interface Information:
Enable (tx/rx/dcbx): Y/Y/Y Port Mac address: 00:a6:ca:b6:84:5aDetermine the Status of LLDP on Cisco Nexus 9000 Series Fabric Switches in ACI Mode
The LLDP feature is enabled by default on Cisco Nexus 9000 Series Fabric Switches in ACI mode and cannot be fully disabled. LLDP is enabled by default on all fabric ports and access ports.
The processing of incoming LLDP packets can be selectively disabled on a specific access port by using the no lldp receive interface-level configuration command from the APIC NX-OS style CLI, or by having LLDP disabled in the applied access policy. For more information, see the Access Policies Overview section of the Cisco Application Centric Infrastructure Fundamentals Guide.
To determine the status of LLDP on a specific interface, use the show lldp interface ethernet module/interface command at the device CLI. If the enable (rx) status is set to Y, the interface accepts incoming LLDP packets, as shown in the following example:
switch# show lldp interface ethernet 1/1
Interface Information:
Enable (tx/rx/dcbx): Y/Y/N Port Mac address: 50:87:89:a2:10:39Determine the Status of LLDP on Cisco UCS X-Series Direct Fabric Interconnects 9108 100G
The LLDP feature is enabled by default on Cisco UCS X-Series Direct Fabric Interconnect 9108 100G and cannot be fully disabled. LLDP is always enabled on the following interfaces:
- Ethernet uplink ports (network interfaces that connect to upstream switches for network connectivity)
- Ethernet port channel members
- Fibre Channel over Ethernet (FCoE) uplink ports
- Management interface (mgmt0)
LLDP may also be enabled on server ports (interfaces that are presented to the servers in the Cisco UCS Manager domain) and appliance ports (interfaces that connect to directly attached NFS storage) through a network control policy. For more information, see the Configuring Network Control Policies section of the Cisco UCS Manager Network Management Guide.
To determine the status of LLDP on a specific interface, use the connect nxos command at the device CLI, then use the show lldp interface ethernet module/interface command. If the enable (rx) status is set to Y, the interface accepts incoming LLDP packets, as shown in the following example:
FI-A# show lldp interface ethernet 1/1
Interface Information:
Enable (tx/rx/dcbx):Y/Y/Y Port Mac address: 00:c8:8b:84:a2:54
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following Cisco products:
- Firepower 1000 Series
- Firepower 2100 Series
- Firepower 4100 Series
- Firepower 9300 Security Appliances
- MDS 9000 Series Multilayer Switches
- Nexus 5500 Platform Switches
- Nexus 5600 Platform Switches
- Nexus 6000 Series Switches
- Nexus 7000 Series Switches
- Secure Firewall 3100 Series
- Secure Firewall 4200 Series
- UCS 6300 Series Fabric Interconnects
- UCS 6400 Series Fabric Interconnects
-
There are no workarounds that address this vulnerability.
-
Cisco considers any workarounds and mitigations (if applicable) to be temporary solutions until an upgrade to a fixed software release is available. To fully remediate this vulnerability and avoid future exposure as described in this advisory, Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory.
Cisco NX-OS Software
To help customers determine their exposure to vulnerabilities in Cisco NX-OS Software, Cisco provides the Cisco Software Checker. This tool identifies any Cisco security advisories that impact a specific software release and the earliest release that fixes the vulnerabilities that are described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories that the Software Checker identifies (“Combined First Fixed”).
To use the tool, go to the Cisco Software Checker page and follow the instructions. Alternatively, use the following form to search for vulnerabilities that affect a specific software release. To use the form, follow these steps:
- Choose which advisories the tool will search-only this advisory, only advisories with a Critical or High Security Impact Rating (SIR), or all advisories.
- Choose the appropriate software.
- Choose the appropriate platform.
- Enter a release number-for example, 10.4(4) for Cisco Nexus 3000 Series Switches or 16.0(8e) for Cisco NX-OS Software in ACI mode.
- Click Check.
Cisco UCS Software
In the following table, the left column lists Cisco software releases. The center column indicates whether a release is affected by the vulnerability described in this advisory and the first vulnerable release. The right column indicates the first release that includes the fix for this vulnerability.
UCS 9108 100G Fabric Interconnects
Cisco UCS Software Release First Fixed Release for UCS Manager Mode First Fixed Release for Intersight Managed Mode 4.3 4.3(6e) 4.3(6.260003) 6.0 Not vulnerable Not vulnerable The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.
Additional Resources
For help determining the best Cisco NX-OS Software release for a Cisco Nexus Switch, see the following Recommended Releases documents. If a security advisory recommends a later release, Cisco recommends following the advisory guidance.
Cisco MDS Series Switches
Cisco Nexus 3000 Series Switches
Cisco Nexus 5500 Platform Switches
Cisco Nexus 5600 Platform Switches
Cisco Nexus 6000 Series Switches
Cisco Nexus 7000 Series Switches
Cisco Nexus 9000 Series Switches
Cisco Nexus 9000 Series ACI-Mode SwitchesTo determine the best release for Cisco UCS Software, see the Recommended Releases documents in the release notes for the device.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
-
This vulnerability was found during the resolution of a Cisco Technical Assistance Center (TAC) support case.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Show LessVersion Description Section Status Date 1.0 Initial public release. - Final 2026-FEB-25
-
SOFTWARE DOWNLOADS AND TECHNICAL SUPPORT
The Cisco Support and Downloads page on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool. Please note that customers may download only software that was procured from Cisco directly or through a Cisco authorized reseller or partner and for which the license is still valid.
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC). Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
When considering software upgrades, customers are advised to regularly consult the advisories for the relevant Cisco products to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
LEGAL DISCLAIMER DETAILS
CISCO DOES NOT MAKE ANY EXPRESS OR IMPLIED GUARANTEES OR WARRANTIES OF ANY KIND, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, CISCO DOES NOT GUARANTEE THE ACCURACY OR COMPLETENESS OF THIS INFORMATION. THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
Copies or summaries of the information contained in this Security Advisory may lack important information or contain factual errors. Customers are advised to visit the Cisco Security Advisories page for the most recent version of this Security Advisory. The Cisco Product Security Incident Response Team (PSIRT) assesses only the affected and fixed release information that is documented in this advisory. See the Cisco Security Vulnerability Policy for more information.