Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability
Description
A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this vulnerability by sending traffic to the management interface (mgmt0) of an affected device at very high rates. An exploit could allow the attacker to cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A resource handling flaw in Cisco NX-OS on MDS 9000 switches allows unauthenticated remote attackers to cause DoS via high-rate traffic to mgmt0.
Vulnerability
A resource handling vulnerability in Cisco NX-OS Software for MDS 9000 Series Multilayer Switches allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The flaw resides in the resource handling system and is triggered when high-rate traffic is sent to the management interface (mgmt0). Affected devices run NX-OS on MDS 9000 series switches. [1]
Exploitation
An attacker can exploit this vulnerability by sending a high volume of network traffic to the mgmt0 interface from a remote, unauthenticated position. No special privileges or user interaction are required; the attacker only needs network connectivity to the management interface. [1]
Impact
Successful exploitation leads to excessive CPU usage, process crashes, or full system reboots, resulting in a denial of service condition. The device may become unavailable for legitimate management and data-plane operations. [1]
Mitigation
Cisco has provided free software updates to address this vulnerability. The fixed releases are detailed in the Cisco Security Advisory [1]. Customers should upgrade to a fixed software version. No workaround is available; enabling control plane policing or restricting access to mgmt0 may reduce risk but does not eliminate the vulnerability. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dosmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.