CVE-2024-20263

Name of the Vulnerable Software and Affected Versions Cisco Business 250 Series Smart Switches (affected versions not specified) Cisco Business 350 Series Managed Switches (affected versions not specified)

Description A vulnerability with the access control list (ACL) management within a stacked switch configuration could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This issue is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this by sending crafted traffic through an affected device, potentially allowing them to bypass configured ACLs and causing traffic to be dropped or forwarded in an unexpected manner.

Recommendations For Cisco Business 250 Series Smart Switches, there is no information about a newer version that contains a fix for this vulnerability. For Cisco Business 350 Series Managed Switches, there is no information about a newer version that contains a fix for this vulnerability.