A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.  This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device.
History

Wed, 06 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco nexus 3550 Firmware
CPEs cpe:2.3:o:cisco:nexus_3550_firmware:*:*:*:*:*:*:*:*
Vendors & Products Cisco
Cisco nexus 3550 Firmware
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.  This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device.
Title Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability
Weaknesses CWE-264
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-11-06T16:28:40.803Z

Updated: 2024-11-06T17:23:18.189Z

Reserved: 2023-11-08T15:08:07.654Z

Link: CVE-2024-20371

cve-icon Vulnrichment

Updated: 2024-11-06T17:23:10.370Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-06T17:15:14.187

Modified: 2024-11-06T18:17:17.287

Link: CVE-2024-20371

cve-icon Redhat

No data.