CVE-2024-20263
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-20263
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Small Business 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Small Business是美国思科(Cisco)公司的一个交换机。 Cisco Small Business 存在安全漏洞,该漏洞源于当主交换机或备用交换机经历完整堆栈重新加载或电源周期时,堆栈配置上的 ACL 处理不正确。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches | 2.0.0.73 | - |
II. Public POCs for CVE-2024-20263
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-20263
请登录查看更多情报信息。
Same Patch Batch · Cisco · 2024-01-26 · 3 CVEs total
| CVE-2024-20253 | 9.9 CRITICAL | Cisco Unified Communications Products 安全漏洞 |
| CVE-2024-20305 | 4.8 MEDIUM | Cisco Unity Connection 安全漏洞 |
IV. Related Vulnerabilities
Same product: Cisco Small Business Smart and Managed Switches
- CVE-2026-20185
Cisco SG350 and SG350X Series Managed Switches SNMP Denial o - CVE-2023-20188
多款Cisco产品 跨站脚本漏洞 - CVE-2023-20189
Cisco Small Business Series Switches Buffer Overflow Vulnera - CVE-2023-20162
Cisco Small Business Series Switches Buffer Overflow Vulnera - CVE-2023-20161
Cisco Small Business Series Switches Buffer Overflow Vulnera
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-284
- CVE-2026-8233
Dotouch XproUPF access control - CVE-2026-42569
phpvms: /importer authorization bypass causing full database - CVE-2026-42205
Avo: Broken Access Control: Unauthorized Execution of Arbitr - CVE-2026-41487
Langfuse: Improper role-based-access control in Langfuse LLM - CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets
V. Comments for CVE-2024-20263
No comments yet