FKIE_CVE-2024-20322

Vulnerability from fkie_nvd - Published: 2024-03-13 17:15 - Updated: 2025-08-05 14:41
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3eVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3eVendor Advisory
Impacted products
Vendor Product Version
cisco ios_xr 7.10.2
cisco ios_xr 7.11
cisco 8011-4g24y4h-i -
cisco 8101-32fh -
cisco 8101-32fh-o -
cisco 8101-32h-o -
cisco 8102-28fh-dpu-o -
cisco 8102-64h -
cisco 8102-64h-o -
cisco 8111-32eh-o -
cisco 8122-64eh-o -
cisco 8122-64ehf-o -
cisco 8201 -
cisco 8201-24h8fh -
cisco 8201-32fh -
cisco 8201-32fh-o -
cisco 8202 -
cisco 8202-32fh-m -
cisco 8212-48fh-m -
cisco 8404 -
cisco 8501-sys-mt -
cisco 8608 -
cisco 8700 -
cisco 8711-32fh-m -
cisco 8712-mod-m -
cisco 8804 -
cisco 8808 -
cisco 8812 -
cisco 8818 -
cisco ncs_540-12z20g-sys-a -
cisco ncs_540-12z20g-sys-d -
cisco ncs_540-24q2c2dd-sys -
cisco ncs_540-24q8l2dd-sys -
cisco ncs_540-24z8q2c-sys -
cisco ncs_540-28z4c-sys-a -
cisco ncs_540-28z4c-sys-d -
cisco ncs_540-6z14s-sys-d -
cisco ncs_540-6z18g-sys-a -
cisco ncs_540-6z18g-sys-d -
cisco ncs_540-acc-sys -
cisco ncs_540-fh-agg -
cisco ncs_540-fh-csr-sys -
cisco ncs_540x-12z16g-sys-a -
cisco ncs_540x-12z16g-sys-d -
cisco ncs_540x-16z4g8q2c-a -
cisco ncs_540x-16z4g8q2c-d -
cisco ncs_540x-16z8q2c-d -
cisco ncs_540x-4z14g2q-a -
cisco ncs_540x-4z14g2q-d -
cisco ncs_540x-6z18g-sys-a -
cisco ncs_540x-6z18g-sys-d -
cisco ncs_540x-8z16g-sys-a -
cisco ncs_540x-8z16g-sys-d -
cisco ncs_540x-acc-sys -
cisco ncs_5501 -
cisco ncs_5501-se -
cisco ncs_5502 -
cisco ncs_5502-se -
cisco ncs_5504 -
cisco ncs_5508 -
cisco ncs_5516 -
cisco ncs_55a1-24h -
cisco ncs_55a1-24q6h-s -
cisco ncs_55a1-24q6h-ss -
cisco ncs_55a1-36h -
cisco ncs_55a1-36h-se -
cisco ncs_55a1-48q6h -
cisco ncs_55a2-mod-hd-s -
cisco ncs_55a2-mod-s -
cisco ncs_55a2-mod-se-s -
cisco ncs_560-4 -
cisco ncs_560-7 -
cisco ncs_57b1-5dse-sys -
cisco ncs_57b1-6d24-sys -
cisco ncs_57c1-48q6-sys -
cisco ncs_57c3-mod-sys -
cisco ncs_57d2-18dd-sys -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC973609-4C39-4B38-A5E3-94C841F89E02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "281FC7F6-C3E2-405F-83C4-A0AD7ECAF213",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA339C23-841E-44A0-A6F5-B12B904A000E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57DBC4F-102C-490D-B69D-7E21CF0C7F60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7440BF48-60A5-4BF2-8D75-63E3AF3ACCC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A64CD22-3E53-4848-B526-DAAAB427626A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-48q6h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98157A1D-224F-4BF0-9AA9-07CB1807AD12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94BAC7E-F0F9-4E20-9DBE-C1E13585BE7A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0874ECF-6237-44EE-BFA6-E639AAD43F68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DD4339-512E-4422-93F4-CEF836FF1EDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) en interfaces Pseudowire en la direcci\u00f3n de ingreso del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a una asignaci\u00f3n incorrecta de claves de b\u00fasqueda a contextos de interfaz interna. Un atacante podr\u00eda aprovechar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante acceder a recursos detr\u00e1s del dispositivo afectado que se supon\u00eda estaban protegidos por una ACL configurada."
    }
  ],
  "id": "CVE-2024-20322",
  "lastModified": "2025-08-05T14:41:53.510",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-03-13T17:15:48.407",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.