CVE-2024-20315
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.
Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) en las interfaces MPLS en la dirección de ingreso del software Cisco IOS XR podría permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a una asignación incorrecta de claves de búsqueda a contextos de interfaz interna. Un atacante podría aprovechar esta vulnerabilidad intentando enviar tráfico a través de un dispositivo afectado. Un exploit exitoso podría permitir al atacante acceder a recursos detrás del dispositivo afectado que se suponía estaban protegidos por una ACL configurada.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-11-08 CVE Reserved
- 2024-03-13 CVE Published
- 2024-03-14 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.9.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.9.1" | en |
Affected
| ||||||
Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.9.2 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.9.2" | en |
Affected
| ||||||
Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.10.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.10.1" | en |
Affected
|