CVSS 3.1 Score 5.8 of 10 (medium)


Published Mar 27, 2024
CWE ID 390


CVE-2024-20316 is a vulnerability in the data model interface (DMI) services of Cisco IOS XE Software. It affects multiple products. The vulnerability allows an unauthenticated, remote attacker to access resources that should have been protected by an IPv4 access control list (ACL). The vulnerability occurs when a device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocols and the update would reorder access control entries (ACEs) in the ACL. To remediate this vulnerability, Cisco recommends updating to a fixed software release. The potential danger to an organization is that an attacker could exploit this vulnerability to gain unauthorized access to protected resources on affected devices.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-20316 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions