<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Cisco also patched a medium-risk vulnerability, bypassing SNMP restrictions in IOS and IOS XE in Threats</title>
    <link>https://community.isc2.org/t5/Threats/Cisco-also-patched-a-medium-risk-vulnerability-bypassing-SNMP/m-p/69641#M1182</link>
    <description>&lt;P&gt;Dear all,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;Cisco also patched a medium-risk vulnerability,&amp;nbsp;&lt;/SPAN&gt;&lt;A title="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww" href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww" target="_blank" rel="noopener noreferrer"&gt;&lt;SPAN class=""&gt;CVE-2024-20373&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN class=""&gt;, in its IOS and IOS XE Software which is used on many of its enterprise switches and routers. The flaw allows unauthenticated attackers to bypass the Access Control List (ACL) feature for simple network management protocol (SNMP) in certain cases. SNMP is a protocol that allows devices to expose information about their configurations and to make modifications to those settings over the network.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;“This vulnerability exists because Cisco IOS software and Cisco IOS XE software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 ACLs that are attached to the SNMP server configuration without a warning message,” Cisco explains in its advisory. 
“This can result in no ACL being applied to the SNMP listening process.”&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.csoonline.com/article/2093447/cisco-fixes-vulnerabilities-in-integrated-management-controller.html?utm_campaign=editorial&amp;amp;utm_medium=cso&amp;amp;utm_source=browseralert" target="_blank"&gt;https://www.csoonline.com/article/2093447/cisco-fixes-vulnerabilities-in-integrated-management-controller.html?utm_campaign=editorial&amp;amp;utm_medium=cso&amp;amp;utm_source=browseralert&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww" target="_blank"&gt;https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww&lt;/A&gt;&lt;/P&gt;</description>
    <pubDate>Mon, 22 Apr 2024 13:22:56 GMT</pubDate>
    <dc:creator>Kyaw_Myo_Oo</dc:creator>
    <dc:date>2024-04-22T13:22:56Z</dc:date>
    <item>
      <title>Cisco also patched a medium-risk vulnerability, bypassing SNMP restrictions in IOS and IOS XE</title>
      <link>https://community.isc2.org/t5/Threats/Cisco-also-patched-a-medium-risk-vulnerability-bypassing-SNMP/m-p/69641#M1182</link>
      <description>&lt;P&gt;Dear all,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;Cisco also patched a medium-risk vulnerability,&amp;nbsp;&lt;/SPAN&gt;&lt;A title="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww" href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww" target="_blank" rel="noopener noreferrer"&gt;&lt;SPAN class=""&gt;CVE-2024-20373&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN class=""&gt;, in its IOS and IOS XE Software which is used on many of its enterprise switches and routers. The flaw allows unauthenticated attackers to bypass the Access Control List (ACL) feature for simple network management protocol (SNMP) in certain cases. SNMP is a protocol that allows devices to expose information about their configurations and to make modifications to those settings over the network.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;“This vulnerability exists because Cisco IOS software and Cisco IOS XE software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 ACLs that are attached to the SNMP server configuration without a warning message,” Cisco explains in its advisory. 
“This can result in no ACL being applied to the SNMP listening process.”&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.csoonline.com/article/2093447/cisco-fixes-vulnerabilities-in-integrated-management-controller.html?utm_campaign=editorial&amp;amp;utm_medium=cso&amp;amp;utm_source=browseralert" target="_blank"&gt;https://www.csoonline.com/article/2093447/cisco-fixes-vulnerabilities-in-integrated-management-controller.html?utm_campaign=editorial&amp;amp;utm_medium=cso&amp;amp;utm_source=browseralert&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww" target="_blank"&gt;https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 22 Apr 2024 13:22:56 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Threats/Cisco-also-patched-a-medium-risk-vulnerability-bypassing-SNMP/m-p/69641#M1182</guid>
      <dc:creator>Kyaw_Myo_Oo</dc:creator>
      <dc:date>2024-04-22T13:22:56Z</dc:date>
    </item>
  </channel>
</rss>

