CVE-2024-20371

{"id": "CVE-2024-20371", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-20371", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-06T17:21:00.515441Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "affected": [{"source": "psirt@cisco.com", "affectedData": [{"vendor": "Cisco", "product": "Cisco Nexus 3550 System Software", "versions": [{"status": "affected", "version": "3550-F_1.11.3"}, {"status": "affected", "version": "3550-F_1.12.0"}, {"status": "affected", "version": "3550-F_1.16.0"}, {"status": "affected", "version": "3550-F_1.17.1"}, {"status": "affected", "version": "3550-F_1.11.1"}, {"status": "affected", "version": "3550-F_1.11.2"}, {"status": "affected", "version": "3550-F_1.15.0"}, {"status": "affected", "version": "3550-F_1.13.0"}, {"status": "affected", "version": "3550-F_1.14.0"}], "defaultStatus": "unknown"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "affectedData": [{"cpes": ["cpe:2.3:o:cisco:nexus_3550_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "nexus_3550_firmware", "versions": [{"status": "affected", "version": "3550-F_1.11.3"}, {"status": "affected", "version": "3550-F_1.12.0"}, {"status": "affected", "version": "3550-F_1.16.0"}, {"status": "affected", "version": "3550-F_1.17.1"}, {"status": "affected", "version": "3550-F_1.11.1"}, {"status": "affected", "version": "3550-F_1.11.2"}, {"status": "affected", "version": "3550-F_1.15.0"}, {"status": "affected", "version": "3550-F_1.13.0"}, {"status": "affected", "version": "3550-F_1.14.0"}], "defaultStatus": "unknown"}]}], "published": "2024-11-06T17:15:14.187", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3550-acl-bypass-mhskZc2q", "source": "psirt@cisco.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device. \r\n\r\nThis vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la programaci\u00f3n de la lista de control de acceso (ACL) de los conmutadores Cisco Nexus 3550-F podr\u00eda permitir que un atacante remoto no autenticado env\u00ede tr\u00e1fico que deber\u00eda estar bloqueado a la interfaz de administraci\u00f3n de un dispositivo afectado. Esta vulnerabilidad existe porque las reglas de denegaci\u00f3n de ACL no se aplican correctamente en el momento del reinicio del dispositivo. Un atacante podr\u00eda aprovechar esta vulnerabilidad al intentar enviar tr\u00e1fico a la interfaz de administraci\u00f3n de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante enviar tr\u00e1fico a la interfaz de administraci\u00f3n del dispositivo afectado."}], "lastModified": "2026-06-17T07:06:51.253", "sourceIdentifier": "psirt@cisco.com"}