CVE-2024-20322
Severity CVSS v4.0:
Pending analysis
Type:
CWE-284
Improper Access Control
Publication date:
13/03/2024
Last modified:
05/08/2025
Description
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.<br />
<br />
This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.
Impact
Base Score 3.x
5.80
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xr:7.11:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page