What is CVE-2024-20263?

CVE-2024-20263 is a medium-severity vulnerability in Cisco Small Business Smart And Managed Switches, classified under Improper Access Control. CVSS score: 5.8/10. Published 2024-01-26.

How severe is CVE-2024-20263?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Vulnerability in Cisco Small Business Smart And Managed Switches

CVE-2024-20263

A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to byp…

EPSS: 0.000 (2.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N.

Affected products

Cisco Small Business Smart And Managed Switches — versions 2.0.0.73, 2.1.0.63, 2.2.0.63

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

cisco-sa-sb-bus-acl-bypass-5zn9hNJk

Frequently asked questions

What is CVE-2024-20263?: CVE-2024-20263 is a medium-severity vulnerability in Cisco Small Business Smart And Managed Switches, classified under Improper Access Control. CVSS score: 5.8/10. Published 2024-01-26.
How severe is CVE-2024-20263?: Medium severity. CVSS v3 base score is 5.8 out of 10.