The first of the high-severity bugs, CVE-2024-20321, exists because External Border Gateway Protocol (eBGP) traffic “is mapped to a shared hardware rate-limiter queue”, allowing an unauthenticated, remote attacker to send large amounts of traffic and cause a denial-of-service (DoS) condition.

According to Cisco, under certain conditions, the security defect impacts Nexus 3600 series switches and Nexus 9500 R-series line cards, including the following product IDs: N3K-C36180YC-R, N3K-C3636C-R, N9K-X9624D-R2, N9K-X9636C-R, N9K-X9636C-RX, N9K-X9636Q-R, and N9K-X96136YC-R.