CVE-2024-20316

CVSS 3.1 Score 5.8 of 10 (medium)

Details

Published Mar 27, 2024
CWE ID 390

Summary

CVE-2024-20316 is a vulnerability in the data model interface (DMI) services of Cisco IOS XE Software that affects multiple products. It allows an unauthenticated, remote attacker to access resources that should have been protected by an IPv4 access control list (ACL). The condition arises when a device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocols and the update would reorder access control entries (ACEs) in the ACL. The risk to an organization is that an attacker could exploit this to gain unauthorized access to protected resources on affected devices. To remediate the vulnerability, Cisco recommends updating to a fixed software release.
