Main Vulnerability Database Vulnerabilities #VU24667

#VU24667 Input validation error in Cisco Application Policy Infrastructure Controller - CVE-2020-3139

Published: January 27, 2020

Vulnerability identifier: #VU24667

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-3139

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Application Policy Infrastructure Controller

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass configured deny entries for specific IP ports.

The vulnerability exists in the out of band (OOB) management interface due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. A remote attacker can send traffic to the OOB management interface and bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iptable-bypass-GxW88XjL