Cyber Resilience

CVE-2024-20316

Medium

Published: 27 March 2024

Published
27 March 2024
Modified
30 July 2025
KEV Added
Patch
CVSS Score v3.1 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score 0.0026 50.0th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-20316 is a medium-severity Detection of Error Condition Without Action (CWE-390) vulnerability in Cisco Ios Xe. Its CVSS base score is 5.8 (Medium).

Operationally, ranked in the top 50.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due…

more

to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
ios xe
16.10.1, 16.10.1a, 16.10.1b, 16.10.1e, 16.10.1s

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-390

Requires explicit action (alert plus additional responses) on audit logging failures rather than detecting the error condition without acting.

addresses: CWE-390

The control mandates response actions to address results from monitoring and assessments, preventing detection of error conditions without subsequent corrective action.

addresses: CWE-390

Procedures require detection of error/incident conditions followed by defined response actions.

addresses: CWE-390

IR testing verifies that detected error conditions trigger appropriate response actions rather than being ignored.

addresses: CWE-390

The containment, eradication, and recovery steps ensure detected incidents trigger concrete actions rather than no response.

addresses: CWE-390

Provides assistance for handling incidents, ensuring detected error conditions lead to appropriate user actions rather than inaction.

addresses: CWE-390

Requires response actions to analysis of monitoring data, directly preventing detection of error conditions without follow-up action.

addresses: CWE-390

Reporting on security performance measures requires confirming that detected error conditions trigger appropriate actions rather than being ignored.

References