CWE
20
Advisory Published
Updated

CVE-2020-3139: Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability

First published: Sun Jan 26 2020(Updated: )

A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j).

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Application Policy Infrastructure Controller<4.2\(3j\)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2020-3139?

    CVE-2020-3139 is a vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) that could allow an unauthenticated, remote attacker to bypass deny entries for specific IP ports.

  • What is the severity of CVE-2020-3139?

    The severity of CVE-2020-3139 is medium with a CVSS score of 5.3.

  • How does CVE-2020-3139 affect Cisco Application Policy Infrastructure Controller?

    CVE-2020-3139 affects Cisco Application Policy Infrastructure Controller by allowing an attacker to bypass deny entries for specific IP ports on the out of band (OOB) management interface.

  • How can an attacker exploit CVE-2020-3139?

    An attacker can exploit CVE-2020-3139 by sending specially crafted requests to the vulnerable OOB management interface of Cisco APIC.

  • Is there a fix for CVE-2020-3139?

    Yes, Cisco has released software updates to address the vulnerability. Please refer to the official Cisco Security Advisory for more information.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203