Main Vulnerability Database SB2020012707

SB2020012707 - Input validation error in Cisco Application Policy Infrastructure Controller

Published: January 27, 2020

Security Bulletin ID SB2020012707

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2020-3139)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass configured deny entries for specific IP ports.

The vulnerability exists in the out of band (OOB) management interface due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. A remote attacker can send traffic to the OOB management interface and bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iptable-bypass-GxW88XjL