CVE-2024-20263

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jan 26, 2024
Updated: Feb 6, 2024
CWE ID 284

Summary

CVE-2024-20263 is a vulnerability affecting the access control list (ACL) management of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches. An unauthenticated, remote attacker can exploit this issue by sending crafted traffic to an affected device when the primary or backup switch experiences a full stack reload or power cycle. The flaw arises from incorrect ACL processing on the stacked configuration. When in the vulnerable state, the primary devices correctly apply the ACL, but the backup devices may incorrectly process it. As a result, an attacker could bypass the configured ACL, leading to unexpected traffic forwarding or dropping. It is essential to note that the attacker does not control the conditions causing the device to be in the vulnerable state.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-20263 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database