CVE-2024-20291
5.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD
Description
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.
This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.
Affected (3)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 9.3(10) |
| Running on/with | Platform Versions |
|---|---|
Cisco Nexus 3000 In Standalone Nx Os Mode | All versions |
Cisco Nexus 3048 | All versions |
Cisco Nexus 31108pc V | All versions |
Cisco Nexus 31108tc V | All versions |
Cisco Nexus 31128pq | All versions |
Cisco Nexus 3132c Z | All versions |
Cisco Nexus 3132q V | All versions |
Cisco Nexus 3132q Xl | All versions |
Cisco Nexus 3164q | All versions |
Cisco Nexus 3172pq | All versions |
Cisco Nexus 3172pq Xl | All versions |
Cisco Nexus 3172tq | All versions |
Cisco Nexus 3172tq 32t | All versions |
Cisco Nexus 3172tq Xl | All versions |
Cisco Nexus 3232c | All versions |
Cisco Nexus 3264c E | All versions |
Cisco Nexus 3264q | All versions |
Cisco Nexus 3408 S | All versions |
Cisco Nexus 34180yc | All versions |
Cisco Nexus 34200yc Sm | All versions |
Cisco Nexus 3432d S | All versions |
Cisco Nexus 3464c | All versions |
Cisco Nexus 3524 X | All versions |
Cisco Nexus 3524 Xl | All versions |
Cisco Nexus 3548 X | All versions |
Cisco Nexus 3548 Xl | All versions |
Cisco Nexus 36180yc R | All versions |
Cisco Nexus 9000 In Standalone Nx Os Mode | All versions |
Cisco Nexus 9000v | All versions |
Cisco Nexus 92160yc X | All versions |
Cisco Nexus 92300yc | All versions |
Cisco Nexus 92304qc | All versions |
Cisco Nexus 92348gc Fx3 | All versions |
Cisco Nexus 92348gc X | All versions |
Cisco Nexus 9236c | All versions |
Cisco Nexus 9272q | All versions |
Cisco Nexus 93108tc Ex | All versions |
Cisco Nexus 93108tc Ex 24 | All versions |
Cisco Nexus 93108tc Fx | All versions |
Cisco Nexus 93108tc Fx 24 | All versions |
Cisco Nexus 93108tc Fx3 | All versions |
Cisco Nexus 93108tc Fx3h | All versions |
Cisco Nexus 93108tc Fx3p | All versions |
Cisco Nexus 93120tx | All versions |
Cisco Nexus 9316d Gx | All versions |
Cisco Nexus 93180lc Ex | All versions |
Cisco Nexus 93180yc Ex | All versions |
Cisco Nexus 93180yc Ex 24 | All versions |
Cisco Nexus 93180yc Fx | All versions |
Cisco Nexus 93180yc Fx 24 | All versions |
Cisco Nexus 93180yc Fx3 | All versions |
Cisco Nexus 93180yc Fx3h | All versions |
Cisco Nexus 93180yc Fx3s | All versions |
Cisco Nexus 93216tc Fx2 | All versions |
Cisco Nexus 93240yc Fx2 | All versions |
Cisco Nexus 9332c | All versions |
Cisco Nexus 9332d Gx2b | All versions |
Cisco Nexus 9332d H2r | All versions |
Cisco Nexus 9332pq | All versions |
Cisco Nexus 93360yc Fx2 | All versions |
Cisco Nexus 9336c Fx2 | All versions |
Cisco Nexus 9336c Fx2 E | All versions |
Cisco Nexus 9336pq Aci Spine | All versions |
Cisco Nexus 93400ld H1 | All versions |
Cisco Nexus 9348d Gx2a | All versions |
Cisco Nexus 9348gc Fx3 | All versions |
Cisco Nexus 9348gc Fxp | All versions |
Cisco Nexus 93600cd Gx | All versions |
Cisco Nexus 9364c | All versions |
Cisco Nexus 9364c Gx | All versions |
Cisco Nexus 9364c H1 | All versions |
Cisco Nexus 9364d Gx2a | All versions |
Cisco Nexus 9364e Sg2 | All versions |
Cisco Nexus 9372px E | All versions |
Cisco Nexus 9372tx E | All versions |
Cisco Nexus 9396tx | All versions |
Cisco Nexus 9408 | All versions |
Cisco Nexus 9508 | All versions |
Cisco Nexus 9804 | All versions |
Cisco Nexus 9808 | All versions |
Related CWEs
CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.