A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.
This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device.
Metrics
Affected Vendors & Products
References
History
Wed, 06 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco
Cisco nexus 3550 Firmware |
|
CPEs | cpe:2.3:o:cisco:nexus_3550_firmware:*:*:*:*:*:*:*:* | |
Vendors & Products |
Cisco
Cisco nexus 3550 Firmware |
|
Metrics |
ssvc
|
Wed, 06 Nov 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device. This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device. | |
Title | Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability | |
Weaknesses | CWE-264 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-11-06T16:28:40.803Z
Updated: 2024-11-06T17:23:18.189Z
Reserved: 2023-11-08T15:08:07.654Z
Link: CVE-2024-20371
Vulnrichment
Updated: 2024-11-06T17:23:10.370Z
NVD
Status : Awaiting Analysis
Published: 2024-11-06T17:15:14.187
Modified: 2024-11-06T18:17:17.287
Link: CVE-2024-20371
Redhat
No data.