CVE-2020-3139
Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j).
Una vulnerabilidad en la programación de reglas de la tabla IP de la interfaz de administración fuera de banda (OOB) para el Controlador de Infraestructura de Políticas de Aplicación de Cisco (APIC) podría permitir que un atacante remoto no autenticado omita las entradas denegadas configuradas para puertos IP específicos. Estos puertos IP se permitirían a la interfaz de administración OOB cuando, de hecho, los paquetes deberían descartarse. La vulnerabilidad se debe a la configuración de entradas específicas de la tabla IP para las cuales hay un error de lógica de programación que hace que se permita el puerto IP. Un atacante podría aprovechar esta vulnerabilidad enviando tráfico a la interfaz de administración OOB en el dispositivo de destino. Una explotación con éxito podría permitir que el atacante omita las reglas configuradas de la tabla IP para eliminar el tráfico específico del puerto IP. El atacante no tiene control sobre la configuración del dispositivo en sí. Esta vulnerabilidad afecta a las versiones de Cisco APIC anteriores a la primera versión de software fija 4.2 (3j).
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2019-12-12 CVE Reserved
- 2020-01-26 CVE Published
- 2023-03-07 EPSS Updated
- 2024-11-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Application Policy Infrastructure Controller Search vendor "Cisco" for product "Application Policy Infrastructure Controller" | < 4.2\(3j\) Search vendor "Cisco" for product "Application Policy Infrastructure Controller" and version " < 4.2\(3j\)" | - |
Affected
|