How severe is CVE-2024-20316?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2024-20316?

This is classified as CWE-390, which is a common weakness in software security.

CVE-2024-20316 - MEDIUM Severity | CVSS 5.8

Vulnerability Description

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.

Related Vulnerabilities

CVE-2017-7485

MEDIUM

CVSS:5.9(Medium)

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection...

CWE-3902017

CVE-2024-11942

MEDIUM

CVSS:5.9(Medium)

A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.

CWE-3902024

CVE-2024-12086

MEDIUM

CVSS:6.1(Medium)

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. Du...

CWE-3902024

CVE-2024-30255

MEDIUM

CVSS:5.3(Medium)

Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CO...

CWE-3902024

CVE-2025-25204

MEDIUM

CVSS:6.3(Medium)

`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` c...

CWE-3902025

CVE-2025-26465

MEDIUM

CVSS:6.8(Medium)

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs...

CWE-3902025