CVE-2024-20510
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2024-20510 identifies a vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers, which allows an unauthenticated adjacent attacker to bypass pre-authentication access control lists (ACLs). This issue arises from a logic error when activating the ACL received from the authentication, authorization, and accounting (AAA) server. Affected products include various models of Cisco Wireless Controllers. To remediate this vulnerability, organizations should apply patches provided by Cisco as recommended in their security advisory. Exploitation of this vulnerability could grant attackers unauthorized access to network resources prior to user authentication, posing a medium severity risk to organizational security.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.