CVE-2024-20465

Summary

CVE-2024-20465 is a vulnerability found in Cisco IOS Software that affects the Industrial Ethernet 4000, 4010, and 5000 Series Switches. This issue arises from improper handling of IPv4 access control lists (ACLs) on switched virtual interfaces, particularly when the Resilient Ethernet Protocol (REP) is enabled or disabled. An unauthorized remote attacker could exploit this vulnerability to bypass ACLs, potentially allowing malicious traffic through affected devices without authentication. To remediate this vulnerability, organizations are advised to apply patches or updates provided by Cisco as specified in their security advisory. The vulnerability has a medium severity rating with a CVSS score of 5.8, indicating that while it poses a risk, the impact might be limited depending on the specific network configuration and security posture of the organization.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.