If exploited, this vulnerability can repeatedly crash BGP routing sessions on Cisco Nexus 3000 and 9000 switches, which are commonly deployed as core or data center fabric switches in enterprise and service provider environments. Sustained BGP session flapping disrupts network routing, potentially taking down connectivity between data center segments, cloud interconnects, or inter-site links until the vulnerability is patched or BGP peer filtering is applied. The business consequence is network availability loss affecting any applications, services, or users dependent on routing through the affected switching fabric, with duration tied directly to how quickly remediation is applied.
You Are Affected If
You operate Cisco Nexus 3000 Series or Nexus 9000 Series switches in your environment
The affected switches are running in standalone NX-OS mode (not ACI mode)
BGP is configured and active on the affected devices
BGP peering sessions are reachable from external or untrusted network segments
You have not yet applied the patched NX-OS software release identified in Cisco advisory cisco-sa-bgp-iefab-3hb2pwtx
Board Talking Points
A publicly disclosed flaw in Cisco network switches used in data centers allows an unauthenticated attacker to disrupt network routing, potentially taking down connectivity for applications and users without any prior access to the environment.
Security teams should identify all affected Cisco Nexus switches, apply BGP peer filtering controls immediately, and schedule the vendor-provided software update within the next patch cycle.
Without remediation, any attacker who can reach a BGP peering session on these switches can repeatedly crash routing, causing network outages whose duration is bounded only by how quickly the team responds.