CVE-2024-20291

{"id": "CVE-2024-20291", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-02-29T01:43:59.000", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.\r\n\r This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces."}, {"lang": "es", "value": "Una vulnerabilidad en la programaci\u00f3n de la lista de control de acceso (ACL) para las subinterfaces del canal de puerto de los conmutadores Cisco Nexus de las series 3000 y 9000 en modo NX-OS independiente podr\u00eda permitir que un atacante remoto no autenticado env\u00ede tr\u00e1fico que deber\u00eda bloquearse a trav\u00e9s de un dispositivo afectado. Esta vulnerabilidad se debe a una programaci\u00f3n de hardware incorrecta que ocurre cuando se realizan cambios de configuraci\u00f3n en los puertos miembros del canal de puertos. Un atacante podr\u00eda aprovechar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante acceder a recursos de red que deber\u00edan estar protegidos por una ACL que se aplic\u00f3 en las subinterfaces del canal de puerto."}], "lastModified": "2025-04-30T14:15:10.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:9.3\\(10\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "350F10D8-221B-4A47-8BF6-CCC421878243"}, {"criteria": "cpe:2.3:o:cisco:nx-os:9.3\\(11\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0B4E497-95AE-45FC-8F89-A7959CA9AF4E"}, {"criteria": "cpe:2.3:o:cisco:nx-os:9.3\\(12\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7385A37A-FC89-44E6-8BD9-C35B2F22714F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3000_in_standalone_nx-os_mode:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D194B648-4932-482A-88F9-F65E5F5239FC"}, {"criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D"}, {"criteria": "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E930332-CDDD-48D5-93BC-C22D693BBFA2"}, {"criteria": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B"}, {"criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3"}, {"criteria": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7664666F-BCE4-4799-AEEA-3A73E6AD33F4"}, {"criteria": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B3293438-3D18-45A2-B093-2C3F65783336"}, {"criteria": "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8F43B770-D96C-44EA-BC12-9F39FC4317B9"}, {"criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384"}, {"criteria": "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CED628B5-97A8-4B26-AA40-BEC854982157"}, {"criteria": "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7BB9DD73-E31D-4921-A6D6-E14E04703588"}, {"criteria": "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4532F513-0543-4960-9877-01F23CA7BA1B"}, {"criteria": "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B43502B-FD53-465A-B60F-6A359C6ACD99"}, {"criteria": "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB"}, {"criteria": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "652A2849-668D-4156-88FB-C19844A59F33"}, {"criteria": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "24FBE87B-8A4F-43A8-98A3-4A7D9C630937"}, {"criteria": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6ACD09AC-8B28-4ACB-967B-AB3D450BC137"}, {"criteria": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7D397349-CCC6-479B-9273-FB1FFF4F34F2"}, {"criteria": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC7286A7-780F-4A45-940A-4AD5C9D0F201"}, {"criteria": "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CA52D5C1-13D8-4D23-B022-954CCEF491F1"}, {"criteria": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F7AF8D7-431B-43CE-840F-CC0817D159C0"}, {"criteria": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D"}, {"criteria": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10F80A72-AD54-4699-B8AE-82715F0B58E2"}, {"criteria": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94"}, {"criteria": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "74CB4002-7636-4382-B33E-FBA060A13C34"}, {"criteria": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10CEBF73-3EE0-459A-86C5-F8F6243FE27C"}, {"criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233"}, {"criteria": "cpe:2.3:h:cisco:nexus_9000_in_standalone_nx-os_mode:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DA62800-F5DC-48DA-8C81-D684EA8EBB9F"}, {"criteria": "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0CD9C1F1-8582-4F67-A77D-97CBFECB88B8"}, {"criteria": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4283E433-7F8C-4410-B565-471415445811"}, {"criteria": "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F80AB6FB-32FD-43D7-A9F1-80FA47696210"}, {"criteria": "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D5B2E4C1-2627-4B9D-8E92-4B483F647651"}, {"criteria": "cpe:2.3:h:cisco:nexus_92348gc-fx3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19C3A385-319E-4137-8D9A-13B5555897EB"}, {"criteria": "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "557ED31C-C26A-4FAE-8B14-D06B49F7F08B"}, {"criteria": "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "11411BFD-3F4D-4309-AB35-A3629A360FB0"}, {"criteria": "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E663DE91-C86D-48DC-B771-FA72A8DF7A7C"}, {"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A90184B3-C82F-4CE5-B2AD-97D5E4690871"}, {"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40E40F42-632A-47DF-BE33-DC25B826310B"}, {"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901"}, {"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23"}, {"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C70911ED-371A-4EB6-8DDD-DCE3A21FDBAE"}, {"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16C64136-89C2-443C-AF7B-BED81D3DE25A"}, {"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BBEF7F26-BB47-44BD-872E-130820557C23"}, {"criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "102F91CD-DFB6-43D4-AE5B-DA157A696230"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E952A96A-0F48-4357-B7DD-1127D8827650"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F70D81F1-8B12-4474-9060-B4934D8A3873"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5394DE31-3863-4CA9-B7B1-E5227183100D"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7349D69B-D8FA-4462-AA28-69DD18A652D9"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FE4BB834-2C00-4384-A78E-AF3BCDDC58AF"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7CE49B45-F2E9-491D-9C29-1B46E9CE14E2"}, {"criteria": "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26"}, {"criteria": "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "91231DC6-2773-4238-8C14-A346F213B5E5"}, {"criteria": "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2DF88547-BAF4-47B0-9F60-80A30297FCEB"}, {"criteria": "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "02C3CE6D-BD54-48B1-A188-8E53DA001424"}, {"criteria": "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "498991F7-39D6-428C-8C7D-DD8DC72A0346"}, {"criteria": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "113772B6-E9D2-4094-9468-3F4E1A87D07D"}, {"criteria": "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C45A38D6-BED6-4FEF-AD87-A1E813695DE0"}, {"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1FC2B1F-232E-4754-8076-CC82F3648730"}, {"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC"}, {"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "785FD17C-F32E-4042-9DDE-A89B3AAE0334"}, {"criteria": "cpe:2.3:h:cisco:nexus_93400ld-h1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D2DFCA0-36D8-48BC-B20D-84509EB5FF66"}, {"criteria": "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73DC1E93-561E-490C-AE0E-B02BAB9A7C8E"}, {"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C"}, {"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9"}, {"criteria": "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF467E2-4567-426E-8F48-39669E0F514C"}, {"criteria": "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63842B25-8C32-4988-BBBD-61E9CB09B4F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68EA1FEF-B6B6-49FE-A0A4-5387F76303F8"}, {"criteria": "cpe:2.3:h:cisco:nexus_9364c-h1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F2EC055-B309-4F1F-A646-FA47AE344D27"}, {"criteria": "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40D6DB7F-C025-4971-9615-73393ED61078"}, {"criteria": "cpe:2.3:h:cisco:nexus_9364e-sg2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA4E79EC-8CA8-4515-A333-89C0ECFAB15E"}, {"criteria": "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B53BCB42-ED61-4FCF-8068-CB467631C63C"}, {"criteria": "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "489D11EC-5A18-4F32-BC7C-AC1FCEC27222"}, {"criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A"}, {"criteria": "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D8D5D5E2-B40B-475D-9EF3-8441016E37E9"}, {"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6"}, {"criteria": "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C"}, {"criteria": "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3284D16F-3275-4F8D-8AE4-D413DE19C4FA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@cisco.com"}