Vulnerability identifier: #VU24667
Vulnerability risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Application Policy Infrastructure Controller
Web applications /
Remote management & hosting panels
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass configured deny entries for specific IP ports.
The vulnerability exists in the out of band (OOB) management interface due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. A remote attacker can send traffic to the OOB management interface and bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cisco Application Policy Infrastructure Controller: 1.0.1e - 4.2.2g
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iptable-bypass-GxW88XjL
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.