Main Vulnerability Database Vulnerabilities #VU88807

Improper access control in Cisco IOS and Cisco IOS XE - CVE-2024-20373

Published: April 18, 2024

Vulnerability identifier: #VU88807

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-20373

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco IOS
Cisco IOS XE

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature. A remote attacker can bypass implemented security restrictions and perform SNMP operations that should be denied.

How to mitigate CVE-2024-20373

Install updates from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww

Improper access control in Cisco IOS and Cisco IOS XE - CVE-2024-20373

Detailed vulnerability description

How to mitigate CVE-2024-20373

Sources

Please verify you're human