PT-2024-6907 · Cisco · Cisco IOS XE Software for Wireless Controllers (+1)

Published: 2024-09-25 · Updated: 2024-10-03 · CVE-2024-20510

CVSS v3.1: 9.3 (Critical)

Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Cisco IOS XE Software for Wireless Controllers, versions prior to 17.13.1a

Description

A vulnerability in the Central Web Authentication (CWA) feature could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), gaining access to network resources before user authentication. The issue is due to a logic error when the device activates the pre-authentication ACL received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit it by connecting to a wireless network configured for CWA and sending traffic through an affected device that the configured ACL should deny before user authentication.

Recommendations

For Cisco IOS XE Software for Wireless Controllers versions prior to 17.13.1a, upgrade to version 17.13.1a or later to mitigate the risk. As a temporary workaround, consider restricting access to the CWA feature until the upgrade can be applied. Additionally, restricting the use of the pre-authentication ACL can help minimize the risk of exploitation.

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2024-08130
CVE-2024-20510

Affected Products

Cisco IOS XE Software for Wireless Controllers
Cisco IOS XE