#VU97728 Incorrect authorization in Cisco Systems, Inc products - CVE-2024-20510

 


Published: September 26, 2024


Vulnerability identifier: #VU97728
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-20510
CWE-ID: CWE-863
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Cisco IOS XE
Catalyst 9800-CL Wireless Controllers for Cloud
Catalyst 9800 Embedded Wireless Controller
Catalyst 9800 Series Wireless Controllers
Embedded Wireless Controllers on Catalyst Access Points
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to a logic error in the Central Web Authentication (CWA) feature. A remote attacker on the local network can bypass configured ACL protections on the target device before user authentication is completed, and access trusted networks that the device might be protecting.


Remediation

Install updates from the vendor's website.
