PT-2024-2551 · Cisco · Cisco IOS XE

Andrej Mikus · Published 2024-03-27 · Updated 2025-07-30 · CVE-2024-20316

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco IOS XE Software (affected versions not specified)

Description

The issue is caused by improper handling of error conditions in the Data Model Interface (DMI) services of Cisco IOS XE Software when a device administrator updates an IPv4 access control list (ACL) using the NETCONF or RESTCONF protocol. The vulnerability arises when the update reorders access control entries (ACEs) in the updated ACL. This could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 ACL.

Recommendations

For Cisco IOS XE Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the NETCONF and RESTCONF protocols until a patch is available, and avoid using the affected DMI services until the issue is resolved. Workarounds that address this vulnerability are described in the Cisco security advisory.

Related Identifiers

BDU:2024-02559
CVE-2024-20316

Affected Products

Cisco IOS XE