CVE-2024-20319

Severity
4.3 MEDIUM
EPSS
0.0%
top 97.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 13

Description

A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination a

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | cisco/cisco_ios_xr_software | 93 versions
NVD | cisco/ios_xr | 93 versions

🔴 Vulnerability Details (2)

GHSA
GHSA-936v-x9xm-gc22: A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management | 2024-03-13
CVEList
CVE-2024-20319: A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management | 2024-03-13

📋 Vendor Advisories (1)

Cisco
Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability | 2024-03-13