CVE-2026-20051

Cisco · Nexus 3600 and 9500-R Series Switches

A vulnerability in the EVPN Layer 2 ingress packet processing of Cisco Nexus switches allows an unauthenticated, adjacent attacker to trigger a disruptive Layer 2 traffic loop, resulting in a denial of service.

Executive summary

An unauthenticated attacker on the same Layer 2 segment (broadcast domain) as an affected switch can cause severe network disruption by triggering Layer 2 traffic loops on Cisco Nexus 3600 and 9500-R Series switches. "Adjacent" here is the CVSS attack-vector sense: the attacker needs a Layer 2 path to the device, not physical access to it.

Vulnerability

The flaw exists in the Ethernet VPN (EVPN) Layer 2 ingress packet processing of affected switches. An unauthenticated, adjacent attacker can send crafted packets to an affected device to trigger a Layer 2 traffic loop; the resulting flood consumes link bandwidth and switch resources, causing congestion and instability on the affected segments.

Business impact

A Layer 2 loop replicates broadcast, multicast and unknown-unicast frames indefinitely, so it can saturate the affected links and the switch's control plane within seconds, causing a complete loss of connectivity for the affected segments. Because the attack requires no authentication, it poses a high risk to the availability of data center fabrics built on these platforms. The CVSS score of 7.4 reflects the high impact on availability and the low effort needed to exploit the flaw from an adjacent Layer 2 position.

Remediation

Immediate Action: Upgrade the Cisco NX-OS software on affected Nexus 3600 and 9500-R Series switches to a fixed release listed in Cisco's advisory for this CVE. Confirm the running release (for example with show version) before scheduling the upgrade and again afterwards.

Proactive Monitoring: Until the upgrade is applied, watch for the symptoms of a loop: sustained spikes in supervisor CPU, sharply rising broadcast, multicast and unknown-unicast rates on individual interfaces, storm-control drops, and MAC addresses flapping between ports in the same VLAN. Alert on these conditions in the fabric's monitoring system rather than waiting for user-reported outages.
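As an added example (not Cisco's code and not part of the original advisory), the following Python script shows how two loop indicators mentioned above, a flood-traffic storm on an interface and a MAC address flapping between ports, can be detected from polled telemetry. The counter samples and MAC-learn events are constructed for the example; the poll interval, thresholds and tuple layouts are assumptions to be adapted to the fabric's collector, and supervisor CPU is not covered.

```python
"""
Added example: detect two classic symptoms of a Layer 2 loop from polled
switch telemetry. Inputs are constructed and the field layouts are
assumptions, not a real NX-OS output format.
"""
from collections import defaultdict

STORM_PPS = 5000          # assumed flood packets/s per port that counts as a storm
STORM_CONSECUTIVE = 3     # assumed number of consecutive high intervals before alerting
FLAP_MOVES = 3            # assumed port changes per MAC inside the window that count as a flap
FLAP_WINDOW_S = 30        # assumed flap detection window in seconds

# Constructed samples: (timestamp, interface, cumulative broadcast+multicast packets).
# Eth1/1 is a quiet port; Eth1/2 starts flooding at t=10.
SAMPLES = [
    (0, "Eth1/1", 1_000), (0, "Eth1/2", 400),
    (10, "Eth1/1", 1_800), (10, "Eth1/2", 900),
    (20, "Eth1/1", 2_600), (20, "Eth1/2", 120_000),
    (30, "Eth1/1", 3_400), (30, "Eth1/2", 400_000),
    (40, "Eth1/1", 4_200), (40, "Eth1/2", 900_000),
    (50, "Eth1/1", 5_000), (50, "Eth1/2", 1_500_000),
]

# Constructed MAC-learn events: (timestamp, vlan, mac, port).
# The first MAC bounces between two ports every second; the second MAC
# moves once, as a re-cabled host would.
MAC_EVENTS = [
    (20, 10, "0011.2233.4455", "Eth1/2"),
    (21, 10, "0011.2233.4455", "Eth1/3"),
    (22, 10, "0011.2233.4455", "Eth1/2"),
    (23, 10, "0011.2233.4455", "Eth1/3"),
    (25, 10, "aabb.ccdd.eeff", "Eth1/5"),
    (300, 10, "aabb.ccdd.eeff", "Eth1/6"),
]


def storm_alerts(samples, pps=STORM_PPS, consecutive=STORM_CONSECUTIVE):
    """Return {interface: timestamp} for the first poll at which the flood
    rate has stayed at or above `pps` for `consecutive` intervals."""
    by_iface = defaultdict(list)
    for ts, iface, count in sorted(samples):
        by_iface[iface].append((ts, count))
    alerts = {}
    for iface, points in by_iface.items():
        streak = 0
        for (t0, c0), (t1, c1) in zip(points, points[1:]):
            if t1 <= t0 or c1 < c0:
                # duplicate poll, counter wrap or cleared counters: restart the streak
                streak = 0
                continue
            rate = (c1 - c0) / (t1 - t0)
            streak = streak + 1 if rate >= pps else 0
            if streak >= consecutive and iface not in alerts:
                alerts[iface] = t1
    return alerts


def mac_flaps(events, moves=FLAP_MOVES, window=FLAP_WINDOW_S):
    """Return {(vlan, mac): sorted ports} for MACs that changed port at
    least `moves` times within any `window`-second span."""
    last_port = {}
    move_times = defaultdict(list)
    ports = defaultdict(set)
    flapping = {}
    for ts, vlan, mac, port in sorted(events):
        key = (vlan, mac)
        ports[key].add(port)
        prev = last_port.get(key)
        last_port[key] = port
        if prev is None or prev == port:
            continue                      # first learn, or no move: not a flap event
        recent = [t for t in move_times[key] if ts - t <= window]
        recent.append(ts)
        move_times[key] = recent
        if len(recent) >= moves:
            flapping[key] = sorted(ports[key])
    return flapping


if __name__ == "__main__":
    for iface, ts in storm_alerts(SAMPLES).items():
        print(f"STORM  {iface}: flood rate above {STORM_PPS} pps since t={ts}")
    for (vlan, mac), plist in mac_flaps(MAC_EVENTS).items():
        print(f"FLAP   vlan {vlan} mac {mac} flapping between {', '.join(plist)}")
```

Both checks are deliberately stateful across polls: a single noisy interval or one MAC move is normal in a data center fabric, and alerting on it would drown the signal that a loop produces, which is a flood rate that keeps climbing poll after poll together with the same MAC bouncing between ports.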

Compensating Controls: Limit the blast radius while the upgrade is pending. Enable storm control on access-facing interfaces, with an action that shuts down or traps on the offending port, so a flood is rate-limited rather than forwarded at line rate; enable BPDU Guard and other Spanning Tree Protocol (STP) protections on edge ports; and use port security to restrict which MAC addresses may source traffic on a port. These controls limit the impact of the crafted packets; they do not remove the flaw, so they are not a substitute for the NX-OS update.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability is a significant threat to network uptime. Organizations should apply the fixed NX-OS release as soon as possible and enforce Layer 2 security best practices (storm control, BPDU Guard, port security) across the data center fabric regardless of patch status.