CVE-2024-20371
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.
This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Nexus 3550 System Software | 3550-F_1.11.3 | affected |
| Cisco | Cisco Nexus 3550 System Software | 3550-F_1.12.0 | affected |
| Cisco | Cisco Nexus 3550 System Software | 3550-F_1.16.0 | affected |
| Cisco | Cisco Nexus 3550 System Software | 3550-F_1.17.1 | affected |
| Cisco | Cisco Nexus 3550 System Software | 3550-F_1.11.1 | affected |
| Cisco | Cisco Nexus 3550 System Software | 3550-F_1.11.2 | affected |
| Cisco | Cisco Nexus 3550 System Software | 3550-F_1.15.0 | affected |
| Cisco | Cisco Nexus 3550 System Software | 3550-F_1.13.0 | affected |
| Cisco | Cisco Nexus 3550 System Software | 3550-F_1.14.0 | affected |
Weaknesses
- CWE-264: Permissions, Privileges, and Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.