CVE-2024-20465 — Improper Access Control in Cisco IOS

CWE-284 — Improper Access Control4 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.1%

top 68.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedSep 25

Description

A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect handling of IPv4 ACLs on switched virtual interfaces when an administrator enables and disables Resilient Ethernet Protocol (REP). An attacker could exploit this vulnerability by attempting to send traffic through an affecte…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco/ios4 versions+3

▶NVDcisco/ios4 versions+3

🔴Vulnerability Details

GHSA

GHSA-q728-88fr-65v3: A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Sw↗2024-09-25

▶

CVEList

CVE-2024-20465: A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Sw↗2024-09-25

▶

📋Vendor Advisories

Cisco

Cisco IOS Software on Cisco Industrial Ethernet Series Switches Access Control List Bypass Vulnerability↗2024-09-25

▶