critical
9.3
CWE
863
Advisory Published
Updated

CVE-2024-20510

First published: Wed Sep 25 2024(Updated: )

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit this vulnerability by connecting to a wireless network that is configured for CWA and sending traffic through an affected device that should be denied by the configured ACL before user authentication. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device before the user authentication is completed, allowing the attacker to access trusted networks that the device might be protecting.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco IOS XE=16.3.1
Cisco IOS XE=16.3.1a
Cisco IOS XE=16.3.2
Cisco IOS XE=16.3.3
Cisco IOS XE=16.3.4
Cisco IOS XE=16.3.5
Cisco IOS XE=16.3.5b
Cisco IOS XE=16.3.6
Cisco IOS XE=16.3.7
Cisco IOS XE=16.3.8
Cisco IOS XE=16.3.9
Cisco IOS XE=16.3.10
Cisco IOS XE=16.3.11
Cisco IOS XE=16.4.1
Cisco IOS XE=16.4.2
Cisco IOS XE=16.4.3
Cisco IOS XE=16.5.1
Cisco IOS XE=16.5.1a
Cisco IOS XE=16.5.1b
Cisco IOS XE=16.5.2
Cisco IOS XE=16.5.3
Cisco IOS XE=16.6.1
Cisco IOS XE=16.6.2
Cisco IOS XE=16.6.3
Cisco IOS XE=16.6.4
Cisco IOS XE=16.6.4a
Cisco IOS XE=16.6.5
Cisco IOS XE=16.6.5a
Cisco IOS XE=16.6.6
Cisco IOS XE=16.6.7
Cisco IOS XE=16.6.8
Cisco IOS XE=16.6.9
Cisco IOS XE=16.6.10
Cisco IOS XE=16.7.1
Cisco IOS XE=16.7.1a
Cisco IOS XE=16.7.1b
Cisco IOS XE=16.7.2
Cisco IOS XE=16.7.3
Cisco IOS XE=16.7.4
Cisco IOS XE=16.8.1
Cisco IOS XE=16.8.1a
Cisco IOS XE=16.8.1b
Cisco IOS XE=16.8.1c
Cisco IOS XE=16.8.1d
Cisco IOS XE=16.8.1e
Cisco IOS XE=16.8.1s
Cisco IOS XE=16.8.2
Cisco IOS XE=16.8.3
Cisco IOS XE=16.9.1
Cisco IOS XE=16.9.1a
Cisco IOS XE=16.9.1b
Cisco IOS XE=16.9.1s
Cisco IOS XE=16.9.2
Cisco IOS XE=16.9.3
Cisco IOS XE=16.9.3a
Cisco IOS XE=16.9.4
Cisco IOS XE=16.9.5
Cisco IOS XE=16.9.5f
Cisco IOS XE=16.9.6
Cisco IOS XE=16.9.7
Cisco IOS XE=16.9.8
Cisco IOS XE=16.10.1
Cisco IOS XE=16.10.1a
Cisco IOS XE=16.10.1b
Cisco IOS XE=16.10.1c
Cisco IOS XE=16.10.1d
Cisco IOS XE=16.10.1e
Cisco IOS XE=16.10.1f
Cisco IOS XE=16.10.1g
Cisco IOS XE=16.10.1s
Cisco IOS XE=16.10.2
Cisco IOS XE=16.10.3
Cisco IOS XE=16.11.1
Cisco IOS XE=16.11.1a
Cisco IOS XE=16.11.1b
Cisco IOS XE=16.11.1s
Cisco IOS XE=16.11.2
Cisco IOS XE=16.12.1
Cisco IOS XE=16.12.1a
Cisco IOS XE=16.12.1c
Cisco IOS XE=16.12.1s
Cisco IOS XE=16.12.1t
Cisco IOS XE=16.12.1w
Cisco IOS XE=16.12.1x
Cisco IOS XE=16.12.1y
Cisco IOS XE=16.12.1z1
Cisco IOS XE=16.12.1z2
Cisco IOS XE=16.12.2
Cisco IOS XE=16.12.2a
Cisco IOS XE=16.12.2s
Cisco IOS XE=16.12.3
Cisco IOS XE=16.12.3a
Cisco IOS XE=16.12.3s
Cisco IOS XE=16.12.4
Cisco IOS XE=16.12.4a
Cisco IOS XE=16.12.5
Cisco IOS XE=16.12.5a
Cisco IOS XE=16.12.5b
Cisco IOS XE=16.12.6
Cisco IOS XE=16.12.6a
Cisco IOS XE=16.12.7
Cisco IOS XE=16.12.8
Cisco IOS XE=16.12.9
Cisco IOS XE=16.12.10
Cisco IOS XE=16.12.10a
Cisco IOS XE=16.12.11
Cisco IOS XE=17.1.1
Cisco IOS XE=17.1.1a
Cisco IOS XE=17.1.1s
Cisco IOS XE=17.1.1t
Cisco IOS XE=17.1.3
Cisco IOS XE=17.2.1
Cisco IOS XE=17.2.1a
Cisco IOS XE=17.2.1r
Cisco IOS XE=17.2.1v
Cisco IOS XE=17.2.2
Cisco IOS XE=17.2.3
Cisco IOS XE=17.3.1
Cisco IOS XE=17.3.1a
Cisco IOS XE=17.3.1w
Cisco IOS XE=17.3.1x
Cisco IOS XE=17.3.1z
Cisco IOS XE=17.3.2
Cisco IOS XE=17.3.2a
Cisco IOS XE=17.3.3
Cisco IOS XE=17.3.4
Cisco IOS XE=17.3.4a
Cisco IOS XE=17.3.4b
Cisco IOS XE=17.3.4c
Cisco IOS XE=17.3.5
Cisco IOS XE=17.3.5a
Cisco IOS XE=17.3.5b
Cisco IOS XE=17.3.6
Cisco IOS XE=17.3.7
Cisco IOS XE=17.3.8
Cisco IOS XE=17.3.8a
Cisco IOS XE=17.4.1
Cisco IOS XE=17.4.1a
Cisco IOS XE=17.4.1b
Cisco IOS XE=17.4.2
Cisco IOS XE=17.4.2a
Cisco IOS XE=17.5.1
Cisco IOS XE=17.5.1a
Cisco IOS XE=17.6.1
Cisco IOS XE=17.6.1a
Cisco IOS XE=17.6.1w
Cisco IOS XE=17.6.1x
Cisco IOS XE=17.6.1y
Cisco IOS XE=17.6.1z
Cisco IOS XE=17.6.1z1
Cisco IOS XE=17.6.2
Cisco IOS XE=17.6.3
Cisco IOS XE=17.6.3a
Cisco IOS XE=17.6.4
Cisco IOS XE=17.6.5
Cisco IOS XE=17.6.5a
Cisco IOS XE=17.6.6
Cisco IOS XE=17.6.6a
Cisco IOS XE=17.6.7
Cisco IOS XE=17.7.1
Cisco IOS XE=17.7.1a
Cisco IOS XE=17.7.1b
Cisco IOS XE=17.7.2
Cisco IOS XE=17.8.1
Cisco IOS XE=17.8.1a
Cisco IOS XE=17.9.1
Cisco IOS XE=17.9.1a
Cisco IOS XE=17.9.1w
Cisco IOS XE=17.9.1x
Cisco IOS XE=17.9.1x1
Cisco IOS XE=17.9.1y
Cisco IOS XE=17.9.1y1
Cisco IOS XE=17.9.2
Cisco IOS XE=17.9.2a
Cisco IOS XE=17.9.3
Cisco IOS XE=17.9.3a
Cisco IOS XE=17.9.4
Cisco IOS XE=17.9.4a
Cisco IOS XE=17.9.5
Cisco IOS XE=17.9.5a
Cisco IOS XE=17.9.5b
Cisco IOS XE=17.10.1
Cisco IOS XE=17.10.1a
Cisco IOS XE=17.10.1b
Cisco IOS XE=17.11.1
Cisco IOS XE=17.11.1a
Cisco IOS XE=17.11.99sw
Cisco IOS XE=17.12.1
Cisco IOS XE=17.12.1a
Cisco IOS XE=17.12.1w
Cisco IOS XE=17.12.1x
Cisco IOS XE=17.12.1y
Cisco IOS XE=17.12.2
Cisco IOS XE=17.12.2a
Cisco IOS XE=17.12.3
Cisco IOS XE=17.13.1
Cisco IOS XE=17.13.1a

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-20510?

    CVE-2024-20510 has a severity level rated as high, indicating significant risk.

  • How do I fix CVE-2024-20510?

    To mitigate CVE-2024-20510, upgrade to the latest patched version of Cisco IOS XE Software.

  • What impact does CVE-2024-20510 have on my network?

    CVE-2024-20510 allows unauthenticated adjacent attackers to bypass access control, potentially leading to unauthorized access to network resources.

  • Which Cisco IOS XE versions are affected by CVE-2024-20510?

    CVE-2024-20510 affects various versions of Cisco IOS XE, including 16.3.1 to 17.13.1.

  • Is there a workaround for CVE-2024-20510?

    Currently, there are no workarounds available for CVE-2024-20510; updating to a secure version is necessary.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203