CVE-2024-20373

Severity: Medium (CVSS 3.1 base score 5.3) · EPSS 39.7%
Published Nov 15, 2024 · Last modified Jun 17, 2026

Description

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. This vulnerability exists because Cisco IOS Software and Cisco IOS XE Software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 ACLs that are attached to the SNMP server configuration without a warning message. This can result in no ACL being applied to the SNMP listening process. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP operations that should be denied. The attacker has no control of the SNMP ACL configuration and would still need a valid SNMP version 2c (SNMPv2c) community string or SNMP version 3 (SNMPv3) user credentials. SNMP with IPv6 ACL configurations is not affected. For more information, see the section of this advisory.
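The condition described above is a configuration pattern that can be checked offline: an SNMP agent-access command (community, group or user) that names an IPv4 ACL defined with `ip access-list extended`. The audit script below is an added example written for this page, not Cisco's code or anything from the advisory. It walks configuration text using the documented command shapes (`snmp-server community <string> [view <v>] [RO|RW] [ipv6 <nacl>] [<acl>]`, and the `access [ipv6 <nacl>] [<acl>]` clause of `snmp-server group` and `snmp-server user`), classifies each referenced ACL as standard or extended, and flags the extended ones. The two configuration fragments are constructed samples, not taken from a real device; the ACL and group names are hypothetical. The "ACL not defined" verdict is a general hygiene check added here and is not the CVE condition.

```python
"""Flag Cisco IOS / IOS XE SNMP commands that reference an extended IPv4 ACL.

Added example for CVE-2024-20373, not Cisco's code. Best-effort token walk over:
  snmp-server community <string> [view <v>] [RO|RW] [ipv6 <nacl>] [<acl>]
  snmp-server group <name> v1|v2c|v3 [...] [access [ipv6 <nacl>] [<acl>]]
  snmp-server user <name> <group> v3 [...] [access [ipv6 <nacl>] [<acl>]]
"""
import re
from typing import Dict, List, Optional, Tuple

NAMED_ACL_RE = re.compile(r"^ip access-list (standard|extended) (\S+)\s*$")
NUMBERED_ACL_RE = re.compile(r"^access-list (\d+)\s")


def acl_types(config: str) -> Dict[str, str]:
    """Map every IPv4 ACL name/number defined in the config to 'standard' or 'extended'."""
    types: Dict[str, str] = {}
    for line in config.splitlines():
        m = NAMED_ACL_RE.match(line)
        if m:
            types[m.group(2)] = m.group(1)
            continue
        m = NUMBERED_ACL_RE.match(line)
        if m:
            n = int(m.group(1))
            # IOS numbered IP ACLs: standard 1-99 / 1300-1999, extended 100-199 / 2000-2699
            if 1 <= n <= 99 or 1300 <= n <= 1999:
                types[m.group(1)] = "standard"
            elif 100 <= n <= 199 or 2000 <= n <= 2699:
                types[m.group(1)] = "extended"
    return types


def _ipv4_acl_after_access(toks: List[str]) -> Optional[str]:
    """IPv4 ACL operand of an 'access [ipv6 <nacl>] [<acl>]' clause, or None."""
    if "access" not in toks:
        return None
    rest = toks[toks.index("access") + 1:]
    if rest[:1] == ["ipv6"]:
        rest = rest[2:]  # skip the IPv6 named ACL; IPv6 ACLs are not affected
    return rest[0] if rest else None


def snmp_ipv4_acl_refs(config: str) -> List[Tuple[str, str]]:
    """(config line, IPv4 ACL name) for each SNMP agent-access command that names one."""
    refs: List[Tuple[str, str]] = []
    for line in config.splitlines():
        toks = line.split()
        if len(toks) < 3 or toks[0] != "snmp-server":
            continue
        acl: Optional[str] = None
        if toks[1] == "community":
            i, rest = 0, toks[3:]  # everything after the community string
            while i < len(rest):
                if rest[i] in ("view", "ipv6"):
                    i += 2  # keyword plus its operand
                elif rest[i].upper() in ("RO", "RW"):
                    i += 1
                else:
                    acl = rest[i]  # the only bare operand left is the IPv4 ACL
                    i += 1
        elif toks[1] in ("group", "user"):
            acl = _ipv4_acl_after_access(toks)
        if acl:
            refs.append((line, acl))
    return refs


def audit_snmp_acls(config: str) -> List[Tuple[str, str, str]]:
    """(line, acl, verdict) for every SNMP IPv4 ACL reference that is not a standard ACL."""
    types = acl_types(config)
    findings: List[Tuple[str, str, str]] = []
    for line, acl in snmp_ipv4_acl_refs(config):
        kind = types.get(acl)
        if kind == "extended":
            findings.append((line, acl, "extended IPv4 ACL: accepted by the CLI but not enforced for SNMP"))
        elif kind is None:
            findings.append((line, acl, "ACL not defined in this config"))
    return findings


# Constructed sample configs (not from a real device). The 'snmp-server user' line is shown
# as entered at the CLI; IOS does not echo it back in 'show running-config'.
VULNERABLE_CONFIG = """\
ip access-list extended SNMP-MGMT
 permit udp host 10.0.0.5 any eq snmp
 deny udp any any eq snmp
!
snmp-server community public RO SNMP-MGMT
snmp-server group NETMON v3 priv access SNMP-MGMT
snmp-server user netmon NETMON v3 auth sha AuthPass1 priv aes 128 PrivPass1 access SNMP-MGMT
"""

FIXED_CONFIG = """\
ip access-list standard SNMP-MGMT
 permit 10.0.0.5
 deny any log
!
access-list 10 permit 10.0.0.6
!
snmp-server community public RO SNMP-MGMT
snmp-server community backup view cutdown RO 10
snmp-server group NETMON v3 priv access ipv6 SNMP-V6 SNMP-MGMT
"""

if __name__ == "__main__":
    for name, cfg in (("vulnerable", VULNERABLE_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"== {name}: {len(audit_snmp_acls(cfg))} finding(s) ==")
        for line, acl, verdict in audit_snmp_acls(cfg):
            print(f"{acl:12} {verdict}\n    {line}")
```

Run it against the output of `show running-config` saved to a file; the vulnerable sample yields three findings (community, group and user all bound to the extended ACL), the corrected sample none, because it uses a standard named ACL and a numbered standard ACL, which is what the SNMP agent actually enforces. Parsing is deliberately narrow: it handles only the operand layouts listed in the docstring, so treat a clean run as evidence, not proof, and confirm on the device with `show snmp` and `show ip access-lists`.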

CVSS Details

Base Score
5.3
Exploitability
3.9
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
39.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-284 (Improper Access Control)

Affected Products 20

Vendor   Product          Version    Range
cisco    ios_xe_sd-wan    16.9.3     any
cisco    ios_xe_sd-wan    16.9.4     any
cisco    ios_xe_sd-wan    16.10.1    any
cisco    ios_xe_sd-wan    16.10.2    any
cisco    ios_xe_sd-wan    16.10.3    any
cisco    ios_xe_sd-wan    16.10.3a   any
cisco    ios_xe_sd-wan    16.10.3b   any
cisco    ios_xe_sd-wan    16.10.4    any
cisco    ios_xe_sd-wan    16.10.5    any
cisco    ios_xe_sd-wan    16.10.6    any
cisco    ios_xe_sd-wan    16.11.1    any
cisco    ios_xe_sd-wan    16.11.1a   any
cisco    ios_xe_sd-wan    16.11.1b   any
cisco    ios_xe_sd-wan    16.11.1d   any
cisco    ios_xe_sd-wan    16.11.1f   any
cisco    ios_xe_sd-wan    16.11.1s   any
cisco    ios_xe_sd-wan    16.12.1    any
cisco    ios_xe_sd-wan    16.12.3    any
cisco    ios_xe_sd-wan    16.12.4    any
cisco    ios_xe_sd-wan    16.12.5    any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.