CVE-2024-20465

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20465
A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect handling of IPv4 ACLs on switched virtual interfaces when an administrator enables and disables Resilient Ethernet Protocol (REP). An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.

5.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-repacl-9eXgnBpD Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:cisco:ios:15.2\(8\)e2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.2\(8\)e3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.2\(8\)e4:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.2\(8\)e5:*:*:*:*:*:*:*
History

24 Oct 2024, 19:46

Type Values Removed Values Added
CWE NVD-CWE-noinfo
First Time Cisco
Cisco ios
CPE cpe:2.3:o:cisco:ios:15.2\(8\)e5:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.2\(8\)e4:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.2\(8\)e3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.2\(8\)e2:*:*:*:*:*:*:*
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-repacl-9eXgnBpD - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-repacl-9eXgnBpD - Vendor Advisory

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en la programación de la lista de control de acceso (ACL) del software Cisco IOS que se ejecuta en los switches Cisco Industrial Ethernet de las series 4000, 4010 y 5000 podría permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe al manejo incorrecto de las ACL de IPv4 en las interfaces virtuales conmutadas cuando un administrador habilita y deshabilita el protocolo Resilient Ethernet (REP). Un atacante podría aprovechar esta vulnerabilidad al intentar enviar tráfico a través de un dispositivo afectado. Una explotación exitosa podría permitir al atacante omitir una ACL en el dispositivo afectado.

25 Sep 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-25 17:15

Updated : 2024-10-24 19:46

NVD link : CVE-2024-20465

Mitre link : CVE-2024-20465

CVE.ORG link : CVE-2024-20465

JSON object : View

Products Affected

cisco

  • ios
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024