5.8

CVE-2024-20316

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).

 This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIos Xe Version16.3.1
CiscoIos Xe Version16.3.1a
CiscoIos Xe Version16.3.2
CiscoIos Xe Version16.3.3
CiscoIos Xe Version16.3.4
CiscoIos Xe Version16.3.5
CiscoIos Xe Version16.3.5b
CiscoIos Xe Version16.3.6
CiscoIos Xe Version16.3.7
CiscoIos Xe Version16.3.8
CiscoIos Xe Version16.3.9
CiscoIos Xe Version16.3.10
CiscoIos Xe Version16.3.11
CiscoIos Xe Version16.4.1
CiscoIos Xe Version16.4.2
CiscoIos Xe Version16.4.3
CiscoIos Xe Version16.5.1
CiscoIos Xe Version16.5.1a
CiscoIos Xe Version16.5.1b
CiscoIos Xe Version16.5.2
CiscoIos Xe Version16.5.3
CiscoIos Xe Version16.6.1
CiscoIos Xe Version16.6.2
CiscoIos Xe Version16.6.3
CiscoIos Xe Version16.6.4
CiscoIos Xe Version16.6.4a
CiscoIos Xe Version16.6.5
CiscoIos Xe Version16.6.5a
CiscoIos Xe Version16.6.6
CiscoIos Xe Version16.6.7
CiscoIos Xe Version16.6.8
CiscoIos Xe Version16.6.9
CiscoIos Xe Version16.6.10
CiscoIos Xe Version16.7.1
CiscoIos Xe Version16.7.2
CiscoIos Xe Version16.7.3
CiscoIos Xe Version16.8.1
CiscoIos Xe Version16.8.1a
CiscoIos Xe Version16.8.1b
CiscoIos Xe Version16.8.1c
CiscoIos Xe Version16.8.1s
CiscoIos Xe Version16.8.2
CiscoIos Xe Version16.8.3
CiscoIos Xe Version16.9.1
CiscoIos Xe Version16.9.1a
CiscoIos Xe Version16.9.1b
CiscoIos Xe Version16.9.1s
CiscoIos Xe Version16.9.2
CiscoIos Xe Version16.9.3
CiscoIos Xe Version16.9.3a
CiscoIos Xe Version16.9.4
CiscoIos Xe Version16.9.5
CiscoIos Xe Version16.9.5f
CiscoIos Xe Version16.9.6
CiscoIos Xe Version16.9.7
CiscoIos Xe Version16.9.8
CiscoIos Xe Version16.10.1
CiscoIos Xe Version16.10.1a
CiscoIos Xe Version16.10.1b
CiscoIos Xe Version16.10.1e
CiscoIos Xe Version16.10.1s
CiscoIos Xe Version16.10.2
CiscoIos Xe Version16.10.3
CiscoIos Xe Version16.11.1
CiscoIos Xe Version16.11.1a
CiscoIos Xe Version16.11.1b
CiscoIos Xe Version16.11.1s
CiscoIos Xe Version16.11.2
CiscoIos Xe Version16.12.1
CiscoIos Xe Version16.12.1a
CiscoIos Xe Version16.12.1c
CiscoIos Xe Version16.12.1s
CiscoIos Xe Version16.12.1t
CiscoIos Xe Version16.12.2
CiscoIos Xe Version16.12.2a
CiscoIos Xe Version16.12.2s
CiscoIos Xe Version16.12.3
CiscoIos Xe Version16.12.3a
CiscoIos Xe Version16.12.3s
CiscoIos Xe Version16.12.4
CiscoIos Xe Version16.12.4a
CiscoIos Xe Version16.12.5
CiscoIos Xe Version16.12.5a
CiscoIos Xe Version16.12.5b
CiscoIos Xe Version16.12.6
CiscoIos Xe Version16.12.6a
CiscoIos Xe Version16.12.7
CiscoIos Xe Version16.12.8
CiscoIos Xe Version16.12.9
CiscoIos Xe Version16.12.10
CiscoIos Xe Version16.12.10a
CiscoIos Xe Version16.12.11
CiscoIos Xe Version17.1.1
CiscoIos Xe Version17.1.1a
CiscoIos Xe Version17.1.1s
CiscoIos Xe Version17.1.1t
CiscoIos Xe Version17.1.3
CiscoIos Xe Version17.2.1
CiscoIos Xe Version17.2.1a
CiscoIos Xe Version17.2.1r
CiscoIos Xe Version17.2.1v
CiscoIos Xe Version17.2.2
CiscoIos Xe Version17.2.3
CiscoIos Xe Version17.3.1
CiscoIos Xe Version17.3.1a
CiscoIos Xe Version17.3.2
CiscoIos Xe Version17.3.2a
CiscoIos Xe Version17.3.3
CiscoIos Xe Version17.3.4
CiscoIos Xe Version17.3.4a
CiscoIos Xe Version17.3.4b
CiscoIos Xe Version17.3.4c
CiscoIos Xe Version17.3.5
CiscoIos Xe Version17.3.5a
CiscoIos Xe Version17.3.5b
CiscoIos Xe Version17.3.6
CiscoIos Xe Version17.3.7
CiscoIos Xe Version17.3.8
CiscoIos Xe Version17.3.8a
CiscoIos Xe Version17.4.1
CiscoIos Xe Version17.4.1a
CiscoIos Xe Version17.4.1b
CiscoIos Xe Version17.4.2
CiscoIos Xe Version17.4.2a
CiscoIos Xe Version17.5.1
CiscoIos Xe Version17.5.1a
CiscoIos Xe Version17.6.1
CiscoIos Xe Version17.6.1a
CiscoIos Xe Version17.6.2
CiscoIos Xe Version17.6.3
CiscoIos Xe Version17.6.3a
CiscoIos Xe Version17.6.4
CiscoIos Xe Version17.6.5
CiscoIos Xe Version17.6.5a
CiscoIos Xe Version17.6.6
CiscoIos Xe Version17.6.6a
CiscoIos Xe Version17.7.1
CiscoIos Xe Version17.7.1a
CiscoIos Xe Version17.7.1b
CiscoIos Xe Version17.7.2
CiscoIos Xe Version17.8.1
CiscoIos Xe Version17.8.1a
CiscoIos Xe Version17.9.1
CiscoIos Xe Version17.9.1a
CiscoIos Xe Version17.9.2
CiscoIos Xe Version17.9.2a
CiscoIos Xe Version17.9.3
CiscoIos Xe Version17.9.3a
CiscoIos Xe Version17.9.4
CiscoIos Xe Version17.9.4a
CiscoIos Xe Version17.10.1
CiscoIos Xe Version17.10.1a
CiscoIos Xe Version17.10.1b
CiscoIos Xe Version17.11.1
CiscoIos Xe Version17.11.1a
CiscoIos Xe Version17.11.99sw
CiscoIos Xe Version17.12.1
CiscoIos Xe Version17.12.1a
CiscoIos Xe Version17.12.2
CiscoIos Xe Version17.12.2a
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.498
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
psirt@cisco.com 5.8 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CWE-390 Detection of Error Condition Without Action

The product detects a specific error, but takes no actions to handle the error.