CVE-2024-20263
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2024-20263 is a vulnerability affecting the access control list (ACL) management of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches. An unauthenticated, remote attacker can exploit this issue by sending crafted traffic to an affected device when the primary or backup switch experiences a full stack reload or power cycle. The flaw arises from incorrect ACL processing on the stacked configuration. When in the vulnerable state, the primary devices correctly apply the ACL, but the backup devices may incorrectly process it. As a result, an attacker could bypass the configured ACL, leading to unexpected traffic forwarding or dropping. It is essential to note that the attacker does not control the conditions causing the device to be in the vulnerable state.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Cisco Systems Inc