Vulnslist


Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass Vulnerabilities

cisco-sa-iosxr-acl-bypass-RZU5NL3e · Medium · Published · Updated

Multiple vulnerabilities in the IP access control list (ACL) processing in the ingress direction on MPLS and Pseudowire (PW) interfaces of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are workarounds that address CVE-2024-20315. There are no workarounds that address CVE-2024-20322.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e

This advisory is part of the March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.

Workarounds

CVE-2024-20315: There is a workaround that addresses this vulnerability.

Customers could remove the ingress ACLs from the MPLS-enabled interfaces and use egress ACLs in their environment instead. Egress hybrid ACLs are supported in Cisco IOS XR releases 7.6.2 and later.

While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVE-2024-20322: There are no workarounds that address this vulnerability.

CVEs: CVE-2024-20315, CVE-2024-20322
Cisco Bug IDs: CSCwf99658, CSCwh77265
CVSS Score: Base 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco IOS XR Software

CSAF Product Statuses

| Product | Status | Source | CVE | Rows |
|---|---|---|---|---|
| Cisco IOS XR Software | known_affected | cisco_csaf | CVE-2024-20315, CVE-2024-20322 | 2 |

Related Products

| Product | CVE | Evidence |
|---|---|---|
| Cisco IOS XR Software | CVE-2024-20322 | Cisco OpenVuln |
| Cisco IOS | CVE-2024-20322 | Cisco OpenVuln |
| Cisco IOS Software | CVE-2024-20322 | Cisco OpenVuln |
| Cisco IOS XR Software | CVE-2024-20315 | Cisco OpenVuln |
| Cisco IOS | CVE-2024-20315 | Cisco OpenVuln |
| Cisco IOS Software | CVE-2024-20315 | Cisco OpenVuln |