CVE-2024-20510

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 863

Summary

CVE-2024-20510 identifies a vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers, which allows an unauthenticated adjacent attacker to bypass pre-authentication access control lists (ACLs). This issue arises from a logic error when activating the ACL received from the authentication, authorization, and accounting (AAA) server. Affected products include various models of Cisco Wireless Controllers. To remediate this vulnerability, organizations should apply patches provided by Cisco as recommended in their security advisory. Exploitation of this vulnerability could grant attackers unauthorized access to network resources prior to user authentication, posing a medium severity risk to organizational security.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share