Main Vulnerability Database Vulnerabilities #VU24667

Input validation error in Cisco Application Policy Infrastructure Controller - CVE-2020-3139

Published: January 27, 2020

Vulnerability identifier: #VU24667

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-3139

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Application Policy Infrastructure Controller

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass configured deny entries for specific IP ports.

The vulnerability exists in the out of band (OOB) management interface due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. A remote attacker can send traffic to the OOB management interface and bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself.

How to mitigate CVE-2020-3139

Install updates from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iptable-bypass-GxW88XjL

Input validation error in Cisco Application Policy Infrastructure Controller - CVE-2020-3139

Detailed vulnerability description

How to mitigate CVE-2020-3139

Sources

Please verify you're human