CVE-2024-20263

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jan 26, 2024
Updated: Feb 6, 2024
CWE ID 284

Summary

CVE-2024-20263 is a vulnerability affecting the access control list (ACL) management of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches. An unauthenticated, remote attacker can exploit this issue by sending crafted traffic to an affected device when the primary or backup switch experiences a full stack reload or power cycle. The flaw arises from incorrect ACL processing on the stacked configuration. When in the vulnerable state, the primary devices correctly apply the ACL, but the backup devices may incorrectly process it. As a result, an attacker could bypass the configured ACL, leading to unexpected traffic forwarding or dropping. It is essential to note that the attacker does not control the conditions causing the device to be in the vulnerable state.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share