Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability
Description
A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Nexus 1000V VSM becomes inaccessible due to resource exhaustion from failed CLI login attempts with Secure Login Enhancements enabled.
Vulnerability
A denial of service (DoS) vulnerability exists in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere (Virtual Supervisor Module, VSM). The flaw stems from improper resource allocation during failed CLI login attempts when certain login parameters from Secure Login Enhancements are configured. Affected versions include Cisco NX-OS Software releases prior to the fixed versions indicated in the Cisco advisory [1].
Exploitation
An unauthenticated, remote attacker can exploit the vulnerability by sending a high volume of login attempts to the affected device. No authentication or prior access is required. The attacker needs only network connectivity to the VSM's management interface; the device does not need to have any other vulnerabilities or configurations beyond the Secure Login Enhancements feature being enabled [1].
Impact
Successful exploitation exhausts resources on the VSM, causing it to become inaccessible to legitimate users through the CLI. This leads to a denial of service condition that requires a manual power cycle of the VSM to restore normal operation. The attack does not grant any data access or code execution; it solely impairs availability [1].
Mitigation
Cisco has released free software updates that address this vulnerability. Customers should upgrade to a fixed NX-OS software version as specified in the Cisco Security Advisory [1]. No workaround is available. If a manual power cycle must be performed temporarily, users should contact Cisco TAC for guidance. The vulnerability is not listed on the CISA KEV catalog.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dosmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.