Action not permitted
Modal body text goes here.
ghsa-pp73-8587-cg75
Vulnerability from github
A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication.
This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit this vulnerability by connecting to a wireless network that is configured for CWA and sending traffic through an affected device that should be denied by the configured ACL before user authentication. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device before the user authentication is completed, allowing the attacker to access trusted networks that the device might be protecting.
{ "affected": [], "aliases": [ "CVE-2024-20510" ], "database_specific": { "cwe_ids": [ "CWE-863" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-09-25T17:15:18Z", "severity": "MODERATE" }, "details": "A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication.\n\n This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit this vulnerability by connecting to a wireless network that is configured for CWA and sending traffic through an affected device that should be denied by the configured ACL before user authentication. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device before the user authentication is completed, allowing the attacker to access trusted networks that the device might be protecting.", "id": "GHSA-pp73-8587-cg75", "modified": "2024-09-25T18:31:21Z", "published": "2024-09-25T18:31:21Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20510" }, { "type": "WEB", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-cwa-acl-nPSbHSnA" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "type": "CVSS_V3" } ] }
cve-2024-20510
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco IOS XE Software |
Version: 16.3.1 Version: 16.3.2 Version: 16.3.3 Version: 16.3.1a Version: 16.3.4 Version: 16.3.5 Version: 16.3.5b Version: 16.3.6 Version: 16.3.7 Version: 16.3.8 Version: 16.3.9 Version: 16.3.10 Version: 16.3.11 Version: 16.4.1 Version: 16.4.2 Version: 16.4.3 Version: 16.5.1 Version: 16.5.1a Version: 16.5.1b Version: 16.5.2 Version: 16.5.3 Version: 16.6.1 Version: 16.6.2 Version: 16.6.3 Version: 16.6.4 Version: 16.6.5 Version: 16.6.4a Version: 16.6.5a Version: 16.6.6 Version: 16.6.7 Version: 16.6.8 Version: 16.6.9 Version: 16.6.10 Version: 16.7.1 Version: 16.7.1a Version: 16.7.1b Version: 16.7.2 Version: 16.7.3 Version: 16.7.4 Version: 16.8.1 Version: 16.8.1a Version: 16.8.1b Version: 16.8.1s Version: 16.8.1c Version: 16.8.1d Version: 16.8.2 Version: 16.8.1e Version: 16.8.3 Version: 16.9.1 Version: 16.9.2 Version: 16.9.1a Version: 16.9.1b Version: 16.9.1s Version: 16.9.3 Version: 16.9.4 Version: 16.9.3a Version: 16.9.5 Version: 16.9.5f Version: 16.9.6 Version: 16.9.7 Version: 16.9.8 Version: 16.10.1 Version: 16.10.1a Version: 16.10.1b Version: 16.10.1s Version: 16.10.1c Version: 16.10.1e Version: 16.10.1d Version: 16.10.2 Version: 16.10.1f Version: 16.10.1g Version: 16.10.3 Version: 16.11.1 Version: 16.11.1a Version: 16.11.1b Version: 16.11.2 Version: 16.11.1s Version: 16.12.1 Version: 16.12.1s Version: 16.12.1a Version: 16.12.1c Version: 16.12.1w Version: 16.12.2 Version: 16.12.1y Version: 16.12.2a Version: 16.12.3 Version: 16.12.8 Version: 16.12.2s Version: 16.12.1x Version: 16.12.1t Version: 16.12.4 Version: 16.12.3s Version: 16.12.3a Version: 16.12.4a Version: 16.12.5 Version: 16.12.6 Version: 16.12.1z1 Version: 16.12.5a Version: 16.12.5b Version: 16.12.1z2 Version: 16.12.6a Version: 16.12.7 Version: 16.12.9 Version: 16.12.10 Version: 16.12.10a Version: 16.12.11 Version: 17.1.1 Version: 17.1.1a Version: 17.1.1s Version: 17.1.1t Version: 17.1.3 Version: 17.2.1 Version: 17.2.1r Version: 17.2.1a Version: 17.2.1v Version: 17.2.2 Version: 17.2.3 Version: 17.3.1 Version: 17.3.2 Version: 17.3.3 Version: 17.3.1a Version: 17.3.1w Version: 17.3.2a Version: 17.3.1x Version: 17.3.1z Version: 17.3.4 Version: 17.3.5 Version: 17.3.4a Version: 17.3.6 Version: 17.3.4b Version: 17.3.4c Version: 17.3.5a Version: 17.3.5b Version: 17.3.7 Version: 17.3.8 Version: 17.3.8a Version: 17.4.1 Version: 17.4.2 Version: 17.4.1a Version: 17.4.1b Version: 17.4.2a Version: 17.5.1 Version: 17.5.1a Version: 17.6.1 Version: 17.6.2 Version: 17.6.1w Version: 17.6.1a Version: 17.6.1x Version: 17.6.3 Version: 17.6.1y Version: 17.6.1z Version: 17.6.3a Version: 17.6.4 Version: 17.6.1z1 Version: 17.6.5 Version: 17.6.6 Version: 17.6.6a Version: 17.6.5a Version: 17.6.7 Version: 17.7.1 Version: 17.7.1a Version: 17.7.1b Version: 17.7.2 Version: 17.10.1 Version: 17.10.1a Version: 17.10.1b Version: 17.8.1 Version: 17.8.1a Version: 17.9.1 Version: 17.9.1w Version: 17.9.2 Version: 17.9.1a Version: 17.9.1x Version: 17.9.1y Version: 17.9.3 Version: 17.9.2a Version: 17.9.1x1 Version: 17.9.3a Version: 17.9.4 Version: 17.9.1y1 Version: 17.9.5 Version: 17.9.4a Version: 17.9.5a Version: 17.9.5b Version: 17.11.1 Version: 17.11.1a Version: 17.12.1 Version: 17.12.1w Version: 17.12.1a Version: 17.12.1x Version: 17.12.2 Version: 17.12.3 Version: 17.12.2a Version: 17.12.1y Version: 17.13.1 Version: 17.13.1a Version: 17.11.99SW |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20510", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T18:51:36.505235Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T18:51:46.446Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "16.3.1" }, { "status": "affected", "version": "16.3.2" }, { "status": "affected", "version": "16.3.3" }, { "status": "affected", "version": "16.3.1a" }, { "status": "affected", "version": "16.3.4" }, { "status": "affected", "version": "16.3.5" }, { "status": "affected", "version": "16.3.5b" }, { "status": "affected", "version": "16.3.6" }, { "status": "affected", "version": "16.3.7" }, { "status": "affected", "version": "16.3.8" }, { "status": "affected", "version": "16.3.9" }, { "status": "affected", "version": "16.3.10" }, { "status": "affected", "version": "16.3.11" }, { "status": "affected", "version": "16.4.1" }, { "status": "affected", "version": "16.4.2" }, { "status": "affected", "version": "16.4.3" }, { "status": "affected", "version": "16.5.1" }, { "status": "affected", "version": "16.5.1a" }, { "status": "affected", "version": "16.5.1b" }, { "status": "affected", "version": "16.5.2" }, { "status": "affected", "version": "16.5.3" }, { "status": "affected", "version": "16.6.1" }, { "status": "affected", "version": "16.6.2" }, { "status": "affected", "version": "16.6.3" }, { "status": "affected", "version": "16.6.4" }, { "status": "affected", "version": "16.6.5" }, { "status": "affected", "version": "16.6.4a" }, { "status": "affected", "version": "16.6.5a" }, { "status": "affected", "version": "16.6.6" }, { "status": "affected", "version": "16.6.7" }, { "status": "affected", "version": "16.6.8" }, { "status": "affected", "version": "16.6.9" }, { "status": "affected", "version": "16.6.10" }, { "status": "affected", "version": "16.7.1" }, { "status": "affected", "version": "16.7.1a" }, { "status": "affected", "version": "16.7.1b" }, { "status": "affected", "version": "16.7.2" }, { "status": "affected", "version": "16.7.3" }, { "status": "affected", "version": "16.7.4" }, { "status": "affected", "version": "16.8.1" }, { "status": "affected", "version": "16.8.1a" }, { "status": "affected", "version": "16.8.1b" }, { "status": "affected", "version": "16.8.1s" }, { "status": "affected", "version": "16.8.1c" }, { "status": "affected", "version": "16.8.1d" }, { "status": "affected", "version": "16.8.2" }, { "status": "affected", "version": "16.8.1e" }, { "status": "affected", "version": "16.8.3" }, { "status": "affected", "version": "16.9.1" }, { "status": "affected", "version": "16.9.2" }, { "status": "affected", "version": "16.9.1a" }, { "status": "affected", "version": "16.9.1b" }, { "status": "affected", "version": "16.9.1s" }, { "status": "affected", "version": "16.9.3" }, { "status": "affected", "version": "16.9.4" }, { "status": "affected", "version": "16.9.3a" }, { "status": "affected", "version": "16.9.5" }, { "status": "affected", "version": "16.9.5f" }, { "status": "affected", "version": "16.9.6" }, { "status": "affected", "version": "16.9.7" }, { "status": "affected", "version": "16.9.8" }, { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "16.10.1a" }, { "status": "affected", "version": "16.10.1b" }, { "status": "affected", "version": "16.10.1s" }, { "status": "affected", "version": "16.10.1c" }, { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.10.1d" }, { "status": "affected", "version": "16.10.2" }, { "status": "affected", "version": "16.10.1f" }, { "status": "affected", "version": "16.10.1g" }, { "status": "affected", "version": "16.10.3" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.11.2" }, { "status": "affected", "version": "16.11.1s" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.1a" }, { "status": "affected", "version": "16.12.1c" }, { "status": "affected", "version": "16.12.1w" }, { "status": "affected", "version": "16.12.2" }, { "status": "affected", "version": "16.12.1y" }, { "status": "affected", "version": "16.12.2a" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1x" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.3s" }, { "status": "affected", "version": "16.12.3a" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.1z1" }, { "status": "affected", "version": "16.12.5a" }, { "status": "affected", "version": "16.12.5b" }, { "status": "affected", "version": "16.12.1z2" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.9" }, { "status": "affected", "version": "16.12.10" }, { "status": "affected", "version": "16.12.10a" }, { "status": "affected", "version": "16.12.11" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "17.1.1a" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.3" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1r" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.1v" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.1a" }, { "status": "affected", "version": "17.3.1w" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.1x" }, { "status": "affected", "version": "17.3.1z" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.4a" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4b" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.3.8" }, { "status": "affected", "version": "17.3.8a" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.4.1a" }, { "status": "affected", "version": "17.4.1b" }, { "status": "affected", "version": "17.4.2a" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1w" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.1x" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.1y" }, { "status": "affected", "version": "17.6.1z" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.1z1" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.6.7" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.1w" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.1x" }, { "status": "affected", "version": "17.9.1y" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.1x1" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.1y1" }, { "status": "affected", "version": "17.9.5" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.9.5a" }, { "status": "affected", "version": "17.9.5b" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1w" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.12.1x" }, { "status": "affected", "version": "17.12.2" }, { "status": "affected", "version": "17.12.3" }, { "status": "affected", "version": "17.12.2a" }, { "status": "affected", "version": "17.12.1y" }, { "status": "affected", "version": "17.13.1" }, { "status": "affected", "version": "17.13.1a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication.\r\n\r This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit this vulnerability by connecting to a wireless network that is configured for CWA and sending traffic through an affected device that should be denied by the configured ACL before user authentication. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device before the user authentication is completed, allowing the attacker to access trusted networks that the device might be protecting." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "Incorrect Authorization", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-25T16:28:59.102Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-c9800-cwa-acl-nPSbHSnA", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-cwa-acl-nPSbHSnA" } ], "source": { "advisory": "cisco-sa-c9800-cwa-acl-nPSbHSnA", "defects": [ "CSCwh81471" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20510", "datePublished": "2024-09-25T16:28:59.102Z", "dateReserved": "2023-11-08T15:08:07.688Z", "dateUpdated": "2024-09-25T18:51:46.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.