5.8
MEDIUM
CVE-2024-20291
"Cisco Nexus 3000/9000 Series Switches ACL Programming Denial of Service (DoS)"
Description

A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.

INFO

Published Date :

Feb. 29, 2024, 1:43 a.m.

Last Modified :

April 30, 2025, 2:15 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

1.4

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2024-20291 has a 4 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-20291 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Cisco nx-os
2 Cisco nexus_3048
3 Cisco nexus_31108pc-v
4 Cisco nexus_31108tc-v
5 Cisco nexus_31128pq
6 Cisco nexus_3132c-z
7 Cisco nexus_3132q-v
8 Cisco nexus_3132q-xl
9 Cisco nexus_3164q
10 Cisco nexus_3172pq
11 Cisco nexus_3172pq-xl
12 Cisco nexus_3172tq
13 Cisco nexus_3172tq-32t
14 Cisco nexus_3172tq-xl
15 Cisco nexus_3232c
16 Cisco nexus_3264c-e
17 Cisco nexus_3264q
18 Cisco nexus_3408-s
19 Cisco nexus_34180yc
20 Cisco nexus_34200yc-sm
21 Cisco nexus_3432d-s
22 Cisco nexus_3464c
23 Cisco nexus_3524-x
24 Cisco nexus_3524-xl
25 Cisco nexus_3548-x
26 Cisco nexus_3548-xl
27 Cisco nexus_36180yc-r
28 Cisco nexus_9000v
29 Cisco nexus_92160yc-x
30 Cisco nexus_92300yc
31 Cisco nexus_92304qc
32 Cisco nexus_92348gc-x
33 Cisco nexus_9236c
34 Cisco nexus_9272q
35 Cisco nexus_93108tc-ex
36 Cisco nexus_93108tc-ex-24
37 Cisco nexus_93108tc-fx
38 Cisco nexus_93108tc-fx-24
39 Cisco nexus_93108tc-fx3h
40 Cisco nexus_93108tc-fx3p
41 Cisco nexus_93120tx
42 Cisco nexus_9316d-gx
43 Cisco nexus_93180lc-ex
44 Cisco nexus_93180yc-ex
45 Cisco nexus_93180yc-ex-24
46 Cisco nexus_93180yc-fx
47 Cisco nexus_93180yc-fx-24
48 Cisco nexus_93180yc-fx3
49 Cisco nexus_93180yc-fx3h
50 Cisco nexus_93180yc-fx3s
51 Cisco nexus_93216tc-fx2
52 Cisco nexus_93240yc-fx2
53 Cisco nexus_9332c
54 Cisco nexus_9332d-gx2b
55 Cisco nexus_9332d-h2r
56 Cisco nexus_9332pq
57 Cisco nexus_93360yc-fx2
58 Cisco nexus_9336c-fx2
59 Cisco nexus_9336c-fx2-e
60 Cisco nexus_9336pq_aci_spine
61 Cisco nexus_9348d-gx2a
62 Cisco nexus_9348gc-fx3
63 Cisco nexus_9348gc-fxp
64 Cisco nexus_93600cd-gx
65 Cisco nexus_9364c
66 Cisco nexus_9364c-gx
67 Cisco nexus_9364d-gx2a
68 Cisco nexus_9372px-e
69 Cisco nexus_9372tx-e
70 Cisco nexus_9396tx
71 Cisco nexus_9408
72 Cisco nexus_9508
73 Cisco nexus_9804
74 Cisco nexus_9808
75 Cisco nexus_9000_in_standalone_nx-os_mode
76 Cisco nexus_93108tc-fx3
77 Cisco nexus_93400ld-h1
78 Cisco nexus_9364c-h1
79 Cisco nexus_3000_in_standalone_nx-os_mode
80 Cisco nexus_92348gc-fx3
81 Cisco nexus_9364e-sg2
: Total Affected Vendor : 1 | Products : 81
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-20291.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
Instructor-Team8/CVE-2024-20291-POC

CVE-2024-20291-POC exploit ---> RCE

Updated: 1 year ago
2 stars 0 fork 0 watcher
Born at : March 3, 2024, 8:53 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
BetterCzz/CVE-2024-20291-POC

CVE-2024-20291-POC exploit ---> RCE

Updated: 1 year, 2 months ago
2 stars 1 fork 1 watcher
Born at : March 3, 2024, 5:25 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
greandfather/CVE-2024-20291-POC

CVE-2024-20291-POC exploit ---> RCE

Updated: 1 year, 2 months ago
3 stars 2 fork 2 watcher
Born at : March 3, 2024, 12:04 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
nomi-sec/PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 2 weeks, 4 days ago
6873 stars 1158 fork 1158 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 848 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-20291 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-20291 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Apr. 30, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
    Added CWE CWE-863
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:nx-os:9.3(10):*:*:*:*:*:*:* *cpe:2.3:o:cisco:nx-os:9.3(11):*:*:*:*:*:*:* *cpe:2.3:o:cisco:nx-os:9.3(12):*:*:*:*:*:*:* OR cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9000_in_standalone_nx-os_mode:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3000_in_standalone_nx-os_mode:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9364c-h1:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9364e-sg2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92348gc-fx3:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx3:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93400ld-h1:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*
    Added Reference Type CVE: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL Types: Vendor Advisory
    Added Reference Type Cisco Systems, Inc.: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL Types: Vendor Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by [email protected]

    Feb. 29, 2024

    Action Type Old Value New Value
    Added Description A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.
    Added Reference Cisco Systems, Inc. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL [No types assigned]
    Added CWE Cisco Systems, Inc. CWE-284
    Added CVSS V3.1 Cisco Systems, Inc. AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-20291 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-20291 weaknesses.

CAPEC-19: Embedding Scripts within Scripts Embedding Scripts within Scripts CAPEC-441: Malicious Logic Insertion Malicious Logic Insertion CAPEC-478: Modification of Windows Service Configuration Modification of Windows Service Configuration CAPEC-479: Malicious Root Certificate Malicious Root Certificate CAPEC-502: Intent Spoof Intent Spoof CAPEC-503: WebView Exposure WebView Exposure CAPEC-536: Data Injected During Configuration Data Injected During Configuration CAPEC-546: Incomplete Data Deletion in a Multi-Tenant Environment Incomplete Data Deletion in a Multi-Tenant Environment CAPEC-550: Install New Service Install New Service CAPEC-551: Modify Existing Service Modify Existing Service CAPEC-552: Install Rootkit Install Rootkit CAPEC-556: Replace File Extension Handlers Replace File Extension Handlers CAPEC-558: Replace Trusted Executable Replace Trusted Executable CAPEC-562: Modify Shared File Modify Shared File CAPEC-563: Add Malicious File to Shared Webroot Add Malicious File to Shared Webroot CAPEC-564: Run Software at Logon Run Software at Logon CAPEC-578: Disable Security Software Disable Security Software
CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: May. 16, 2025 6:02