CVE-2024-20316
Published: 27 March 2024
Summary
CVE-2024-20316 is a medium-severity Detection of Error Condition Without Action (CWE-390) vulnerability in Cisco Ios Xe. Its CVSS base score is 5.8 (Medium).
Operationally, ranked in the top 50.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-18031
Vulnerability details
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due…
more
to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requires explicit action (alert plus additional responses) on audit logging failures rather than detecting the error condition without acting.
The control mandates response actions to address results from monitoring and assessments, preventing detection of error conditions without subsequent corrective action.
Procedures require detection of error/incident conditions followed by defined response actions.
IR testing verifies that detected error conditions trigger appropriate response actions rather than being ignored.
The containment, eradication, and recovery steps ensure detected incidents trigger concrete actions rather than no response.
Provides assistance for handling incidents, ensuring detected error conditions lead to appropriate user actions rather than inaction.
Requires response actions to analysis of monitoring data, directly preventing detection of error conditions without follow-up action.
Reporting on security performance measures requires confirming that detected error conditions trigger appropriate actions rather than being ignored.