CVE-2024-20322 - Vulnerability Details

Description

A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.

This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.

Published: 2024-03-13

Score: 5.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco IOS XR Software

affected

Version	Status	Constraints
`7.10.2`	affected	—
`7.11.1`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios_xr:7.10.2:::::::*
	cpe:2.3:o:cisco:ios_xr:7.11:::::::*

OR	cpe:2.3:h:cisco:8011-4g24y4h-i:-:::::::*
	cpe:2.3:h:cisco:8101-32fh:-:::::::*
	cpe:2.3:h:cisco:8101-32fh-o:-:::::::*
	cpe:2.3:h:cisco:8101-32h-o:-:::::::*
	cpe:2.3:h:cisco:8102-28fh-dpu-o:-:::::::*
	cpe:2.3:h:cisco:8102-64h:-:::::::*
	cpe:2.3:h:cisco:8102-64h-o:-:::::::*
	cpe:2.3:h:cisco:8111-32eh-o:-:::::::*
	cpe:2.3:h:cisco:8122-64eh-o:-:::::::*
	cpe:2.3:h:cisco:8122-64ehf-o:-:::::::*
	cpe:2.3:h:cisco:8201:-:::::::*
	cpe:2.3:h:cisco:8201-24h8fh:-:::::::*
	cpe:2.3:h:cisco:8201-32fh:-:::::::*
	cpe:2.3:h:cisco:8201-32fh-o:-:::::::*
	cpe:2.3:h:cisco:8202:-:::::::*
	cpe:2.3:h:cisco:8202-32fh-m:-:::::::*
	cpe:2.3:h:cisco:8212-48fh-m:-:::::::*
	cpe:2.3:h:cisco:8404:-:::::::*
	cpe:2.3:h:cisco:8501-sys-mt:-:::::::*
	cpe:2.3:h:cisco:8608:-:::::::*
	cpe:2.3:h:cisco:8700:-:::::::*
	cpe:2.3:h:cisco:8711-32fh-m:-:::::::*
	cpe:2.3:h:cisco:8712-mod-m:-:::::::*
	cpe:2.3:h:cisco:8804:-:::::::*
	cpe:2.3:h:cisco:8808:-:::::::*
	cpe:2.3:h:cisco:8812:-:::::::*
	cpe:2.3:h:cisco:8818:-:::::::*
	cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-acc-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-fh-agg:-:::::::*
	cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-acc-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_5501:-:::::::*
	cpe:2.3:h:cisco:ncs_5501-se:-:::::::*
	cpe:2.3:h:cisco:ncs_5502:-:::::::*
	cpe:2.3:h:cisco:ncs_5502-se:-:::::::*
	cpe:2.3:h:cisco:ncs_5504:-:::::::*
	cpe:2.3:h:cisco:ncs_5508:-:::::::*
	cpe:2.3:h:cisco:ncs_5516:-:::::::*
	cpe:2.3:h:cisco:ncs_55a1-24h:-:::::::*
	cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:::::::*
	cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:::::::*
	cpe:2.3:h:cisco:ncs_55a1-36h:-:::::::*
	cpe:2.3:h:cisco:ncs_55a1-36h-se:-:::::::*
cpe:2.3:h:cisco:ncs_55a1-48q6h:-:::::::*
cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:::::::*
cpe:2.3:h:cisco:ncs_55a2-mod-s:-:::::::*
cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:::::::*
cpe:2.3:h:cisco:ncs_560-4:-:::::::*
cpe:2.3:h:cisco:ncs_560-7:-:::::::*
cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:::::::*
cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:::::::*
cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:::::::*
cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:::::::*
cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:::::::*

No data.

Vendor	Product	Confidence	Versions
Cisco	Ios Xr Software	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-18037	A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00065.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e

History

Tue, 05 Aug 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco 8011-4g24y4h-i Cisco 8101-32fh Cisco 8101-32fh-o Cisco 8101-32h-o Cisco 8102-28fh-dpu-o Cisco 8102-64h Cisco 8102-64h-o Cisco 8111-32eh-o Cisco 8122-64eh-o Cisco 8122-64ehf-o Cisco 8201 Cisco 8201-24h8fh Cisco 8201-32fh Cisco 8201-32fh-o Cisco 8202 Cisco 8202-32fh-m Cisco 8212-48fh-m Cisco 8404 Cisco 8501-sys-mt Cisco 8608 Cisco 8700 Cisco 8711-32fh-m Cisco 8712-mod-m Cisco 8804 Cisco 8808 Cisco 8812 Cisco 8818 Cisco ios Xr Cisco ncs 540-12z20g-sys-a Cisco ncs 540-12z20g-sys-d Cisco ncs 540-24q2c2dd-sys Cisco ncs 540-24q8l2dd-sys Cisco ncs 540-24z8q2c-sys Cisco ncs 540-28z4c-sys-a Cisco ncs 540-28z4c-sys-d Cisco ncs 540-6z14s-sys-d Cisco ncs 540-6z18g-sys-a Cisco ncs 540-6z18g-sys-d Cisco ncs 540-acc-sys Cisco ncs 540-fh-agg Cisco ncs 540-fh-csr-sys Cisco ncs 540x-12z16g-sys-a Cisco ncs 540x-12z16g-sys-d Cisco ncs 540x-16z4g8q2c-a Cisco ncs 540x-16z4g8q2c-d Cisco ncs 540x-16z8q2c-d Cisco ncs 540x-4z14g2q-a Cisco ncs 540x-4z14g2q-d Cisco ncs 540x-6z18g-sys-a Cisco ncs 540x-6z18g-sys-d Cisco ncs 540x-8z16g-sys-a Cisco ncs 540x-8z16g-sys-d Cisco ncs 540x-acc-sys Cisco ncs 5501 Cisco ncs 5501-se Cisco ncs 5502 Cisco ncs 5502-se Cisco ncs 5504 Cisco ncs 5508 Cisco ncs 5516 Cisco ncs 55a1-24h Cisco ncs 55a1-24q6h-s Cisco ncs 55a1-24q6h-ss Cisco ncs 55a1-36h Cisco ncs 55a1-36h-se Cisco ncs 55a1-48q6h Cisco ncs 55a2-mod-hd-s Cisco ncs 55a2-mod-s Cisco ncs 55a2-mod-se-s Cisco ncs 560-4 Cisco ncs 560-7 Cisco ncs 57b1-5dse-sys Cisco ncs 57b1-6d24-sys Cisco ncs 57c1-48q6-sys Cisco ncs 57c3-mod-sys Cisco ncs 57d2-18dd-sys
CPEs		cpe:2.3:h:cisco:8011-4g24y4h-i:-:::::::* cpe:2.3:h:cisco:8101-32fh-o:-:::::::* cpe:2.3:h:cisco:8101-32fh:-:::::::* cpe:2.3:h:cisco:8101-32h-o:-:::::::* cpe:2.3:h:cisco:8102-28fh-dpu-o:-:::::::* cpe:2.3:h:cisco:8102-64h-o:-:::::::* cpe:2.3:h:cisco:8102-64h:-:::::::* cpe:2.3:h:cisco:8111-32eh-o:-:::::::* cpe:2.3:h:cisco:8122-64eh-o:-:::::::* cpe:2.3:h:cisco:8122-64ehf-o:-:::::::* cpe:2.3:h:cisco:8201-24h8fh:-:::::::* cpe:2.3:h:cisco:8201-32fh-o:-:::::::* cpe:2.3:h:cisco:8201-32fh:-:::::::* cpe:2.3:h:cisco:8201:-:::::::* cpe:2.3:h:cisco:8202-32fh-m:-:::::::* cpe:2.3:h:cisco:8202:-:::::::* cpe:2.3:h:cisco:8212-48fh-m:-:::::::* cpe:2.3:h:cisco:8404:-:::::::* cpe:2.3:h:cisco:8501-sys-mt:-:::::::* cpe:2.3:h:cisco:8608:-:::::::* cpe:2.3:h:cisco:8700:-:::::::* cpe:2.3:h:cisco:8711-32fh-m:-:::::::* cpe:2.3:h:cisco:8712-mod-m:-:::::::* cpe:2.3:h:cisco:8804:-:::::::* cpe:2.3:h:cisco:8808:-:::::::* cpe:2.3:h:cisco:8812:-:::::::* cpe:2.3:h:cisco:8818:-:::::::* cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-acc-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-fh-agg:-:::::::* cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:::::::* cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-acc-sys:-:::::::* cpe:2.3:h:cisco:ncs_5501-se:-:::::::* cpe:2.3:h:cisco:ncs_5501:-:::::::* cpe:2.3:h:cisco:ncs_5502-se:-:::::::* cpe:2.3:h:cisco:ncs_5502:-:::::::* cpe:2.3:h:cisco:ncs_5504:-:::::::* cpe:2.3:h:cisco:ncs_5508:-:::::::* cpe:2.3:h:cisco:ncs_5516:-:::::::* cpe:2.3:h:cisco:ncs_55a1-24h:-:::::::* cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:::::::* cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:::::::* cpe:2.3:h:cisco:ncs_55a1-36h-se:-:::::::* cpe:2.3:h:cisco:ncs_55a1-36h:-:::::::* cpe:2.3:h:cisco:ncs_55a1-48q6h:-:::::::* cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:::::::* cpe:2.3:h:cisco:ncs_55a2-mod-s:-:::::::* cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:::::::* cpe:2.3:h:cisco:ncs_560-4:-:::::::* cpe:2.3:h:cisco:ncs_560-7:-:::::::* cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:::::::* cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:::::::* cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:::::::* cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:::::::* cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:::::::* cpe:2.3:o:cisco:ios_xr:7.10.2:::::::* cpe:2.3:o:cisco:ios_xr:7.11:::::::*
Vendors & Products		Cisco 8011-4g24y4h-i Cisco 8101-32fh Cisco 8101-32fh-o Cisco 8101-32h-o Cisco 8102-28fh-dpu-o Cisco 8102-64h Cisco 8102-64h-o Cisco 8111-32eh-o Cisco 8122-64eh-o Cisco 8122-64ehf-o Cisco 8201 Cisco 8201-24h8fh Cisco 8201-32fh Cisco 8201-32fh-o Cisco 8202 Cisco 8202-32fh-m Cisco 8212-48fh-m Cisco 8404 Cisco 8501-sys-mt Cisco 8608 Cisco 8700 Cisco 8711-32fh-m Cisco 8712-mod-m Cisco 8804 Cisco 8808 Cisco 8812 Cisco 8818 Cisco ios Xr Cisco ncs 540-12z20g-sys-a Cisco ncs 540-12z20g-sys-d Cisco ncs 540-24q2c2dd-sys Cisco ncs 540-24q8l2dd-sys Cisco ncs 540-24z8q2c-sys Cisco ncs 540-28z4c-sys-a Cisco ncs 540-28z4c-sys-d Cisco ncs 540-6z14s-sys-d Cisco ncs 540-6z18g-sys-a Cisco ncs 540-6z18g-sys-d Cisco ncs 540-acc-sys Cisco ncs 540-fh-agg Cisco ncs 540-fh-csr-sys Cisco ncs 540x-12z16g-sys-a Cisco ncs 540x-12z16g-sys-d Cisco ncs 540x-16z4g8q2c-a Cisco ncs 540x-16z4g8q2c-d Cisco ncs 540x-16z8q2c-d Cisco ncs 540x-4z14g2q-a Cisco ncs 540x-4z14g2q-d Cisco ncs 540x-6z18g-sys-a Cisco ncs 540x-6z18g-sys-d Cisco ncs 540x-8z16g-sys-a Cisco ncs 540x-8z16g-sys-d Cisco ncs 540x-acc-sys Cisco ncs 5501 Cisco ncs 5501-se Cisco ncs 5502 Cisco ncs 5502-se Cisco ncs 5504 Cisco ncs 5508 Cisco ncs 5516 Cisco ncs 55a1-24h Cisco ncs 55a1-24q6h-s Cisco ncs 55a1-24q6h-ss Cisco ncs 55a1-36h Cisco ncs 55a1-36h-se Cisco ncs 55a1-48q6h Cisco ncs 55a2-mod-hd-s Cisco ncs 55a2-mod-s Cisco ncs 55a2-mod-se-s Cisco ncs 560-4 Cisco ncs 560-7 Cisco ncs 57b1-5dse-sys Cisco ncs 57b1-6d24-sys Cisco ncs 57c1-48q6-sys Cisco ncs 57c3-mod-sys Cisco ncs 57d2-18dd-sys

Subscriptions

Cisco 8011-4g24y4h-i 8101-32fh 8101-32fh-o 8101-32h-o 8102-28fh-dpu-o 8102-64h 8102-64h-o 8111-32eh-o 8122-64eh-o 8122-64ehf-o 8201 8201-24h8fh 8201-32fh 8201-32fh-o 8202 8202-32fh-m 8212-48fh-m 8404 8501-sys-mt 8608 8700 8711-32fh-m 8712-mod-m 8804 8808 8812 8818 Ios Xr Ios Xr Software Ncs 540-12z20g-sys-a Ncs 540-12z20g-sys-d Ncs 540-24q2c2dd-sys Ncs 540-24q8l2dd-sys Ncs 540-24z8q2c-sys Ncs 540-28z4c-sys-a Ncs 540-28z4c-sys-d Ncs 540-6z14s-sys-d Ncs 540-6z18g-sys-a Ncs 540-6z18g-sys-d Ncs 540-acc-sys Ncs 540-fh-agg Ncs 540-fh-csr-sys Ncs 540x-12z16g-sys-a Ncs 540x-12z16g-sys-d Ncs 540x-16z4g8q2c-a Ncs 540x-16z4g8q2c-d Ncs 540x-16z8q2c-d Ncs 540x-4z14g2q-a Ncs 540x-4z14g2q-d Ncs 540x-6z18g-sys-a Ncs 540x-6z18g-sys-d Ncs 540x-8z16g-sys-a Ncs 540x-8z16g-sys-d Ncs 540x-acc-sys Ncs 5501 Ncs 5501-se Ncs 5502 Ncs 5502-se Ncs 5504 Ncs 5508 Ncs 5516 Ncs 55a1-24h Ncs 55a1-24q6h-s Ncs 55a1-24q6h-ss Ncs 55a1-36h Ncs 55a1-36h-se Ncs 55a1-48q6h Ncs 55a2-mod-hd-s Ncs 55a2-mod-s Ncs 55a2-mod-se-s Ncs 560-4 Ncs 560-7 Ncs 57b1-5dse-sys Ncs 57b1-6d24-sys Ncs 57c1-48q6-sys Ncs 57c3-mod-sys Ncs 57d2-18dd-sys

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-03-13T16:43:53.196Z

Updated: 2024-08-02T19:49:57.842Z

Reserved: 2023-11-08T15:08:07.640Z

Link: CVE-2024-20322

Vulnrichment

Updated: 2024-08-01T21:59:41.959Z

NVD

Status : Analyzed

Published: 2024-03-13T17:15:48.407

Modified: 2025-08-05T14:41:53.510

Link: CVE-2024-20322

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-13T11:22:29Z

Weaknesses

CWE-284

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object