Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming (cisco-sa-nxos-po-acl-TkyePgvL)

medium Nessus Plugin ID 192306

Synopsis

The remote device is missing a vendor-supplied security patch

Description

A vulnerability exists in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwf47127

See Also

http://www.nessus.org/u?f87df2e3

http://www.nessus.org/u?e327a04a

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf47127

Plugin Details

Severity: Medium

ID: 192306

File Name: cisco-sa-nxos-po-acl-TkyePgvL.nasl

Version: 1.0

Type: combined

Family: CISCO

Published: 3/20/2024

Updated: 3/20/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2024-20291

CVSS v3

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 2/28/2024

Vulnerability Publication Date: 2/28/2024

Reference Information

CVE: CVE-2024-20291

CWE: 284

CISCO-SA: cisco-sa-nxos-po-acl-TkyePgvL

IAVA: 2024-A-0119

CISCO-BUG-ID: CSCwf47127