CVE-2024-20322

{"id": "CVE-2024-20322", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-03-13T17:15:48.407", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL."}, {"lang": "es", "value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) en interfaces Pseudowire en la direcci\u00f3n de ingreso del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a una asignaci\u00f3n incorrecta de claves de b\u00fasqueda a contextos de interfaz interna. Un atacante podr\u00eda aprovechar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante acceder a recursos detr\u00e1s del dispositivo afectado que se supon\u00eda estaban protegidos por una ACL configurada."}], "lastModified": "2025-08-05T14:41:53.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:7.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC973609-4C39-4B38-A5E3-94C841F89E02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64"}, {"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8"}, {"criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6"}, {"criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9"}, {"criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A"}, {"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34"}, {"criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF"}, {"criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71"}, {"criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B"}, {"criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496"}, {"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3"}, {"criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978"}, {"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7"}, {"criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9"}, {"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2"}, {"criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7"}, {"criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353"}, {"criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14"}, {"criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD"}, {"criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE"}, {"criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017"}, {"criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3"}, {"criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542"}, {"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45"}, {"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7"}, {"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5"}, {"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0"}, {"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261"}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A"}, {"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3"}, {"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD"}, {"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB"}, {"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3"}, {"criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C"}, {"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E"}, {"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC"}, {"criteria": "cpe:2.3:h:cisco:ncs_55a1-24h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "281FC7F6-C3E2-405F-83C4-A0AD7ECAF213"}, {"criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DA339C23-841E-44A0-A6F5-B12B904A000E"}, {"criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C57DBC4F-102C-490D-B69D-7E21CF0C7F60"}, {"criteria": "cpe:2.3:h:cisco:ncs_55a1-36h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7440BF48-60A5-4BF2-8D75-63E3AF3ACCC9"}, {"criteria": "cpe:2.3:h:cisco:ncs_55a1-36h-se:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4A64CD22-3E53-4848-B526-DAAAB427626A"}, {"criteria": "cpe:2.3:h:cisco:ncs_55a1-48q6h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98157A1D-224F-4BF0-9AA9-07CB1807AD12"}, {"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A94BAC7E-F0F9-4E20-9DBE-C1E13585BE7A"}, {"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0874ECF-6237-44EE-BFA6-E639AAD43F68"}, {"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1DD4339-512E-4422-93F4-CEF836FF1EDD"}, {"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C"}, {"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7"}, {"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528"}, {"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2"}, {"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB"}, {"criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331"}, {"criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@cisco.com"}