CVE-2024-20371

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-264
View all →

Vulnerability Description

A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.  This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device.

Related Vulnerabilities

CVE-2007-3968

MEDIUM
CVSS:5.3(Medium)

index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name.

CWE-2642007

CVE-2014-9610

MEDIUM
CVSS:5.3(Medium)

Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/...

CWE-2642014

CVE-2015-1610

MEDIUM
CVSS:5.3(Medium)

hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing."

CWE-2642015

CVE-2015-8748

MEDIUM
CVSS:5.3(Medium)

Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".

CWE-2642015

CVE-2016-10929

MEDIUM
CVSS:5.3(Medium)

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.

CWE-2642016

CVE-2016-1324

MEDIUM
CVSS:5.3(Medium)

The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.

CWE-2642016