CVE Tools
Sign in

CVE-2024-20373

Cisco IOS and Cisco IOS XE SNMP Extended ACL Bypass Vulnerability

Published: Nov 15, 2024Updated: Aug 1, 2025 Sources: CVE List NVD BDUCWE-284
NVD MITRE
5.3CVSSMEDIUM
EPSS Score
0.5%
Top 60.6%
CISA KEV
Not in KEV
Exploits
0 Known
Remediation
Patch Available

Description

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic.  This vulnerability exists because Cisco IOS Software and Cisco IOS XE Software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 ACLs that are attached to the SNMP server configuration without a warning message. This can result in no ACL being applied to the SNMP listening process. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP operations that should be denied. The attacker has no control of the SNMP ACL configuration and would still need a valid SNMP version 2c (SNMPv2c) community string or SNMP version 3 (SNMPv3) user credentials. SNMP with IPv6 ACL configurations is not affected. For more information, see the section of this advisory.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:NI:LA:N
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:LIntegrity
Low
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

CWE-284

Affected Products

ios xe sd-wanciscoNetworking Infrastructure
Cisco IOS XE Catalyst SD-WANCiscoNetworking Infrastructure
ciscocommercialUSNetworking Infrastructureaka cisco systems, cisco systems inc.

Exploitability

0 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww
sec.cloudapps.cisco.com
https://www.cybersecurity-help.cz/vdb/SB2024041821
cybersecurity-help.cz
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww
sec.cloudapps.cisco.com

Timeline

Published
Nov 15, 2024
Last Updated
Aug 1, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2024-20373 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows