CVE-2020-3139
Severity
5.3 MEDIUM
EPSS
0.2%
top 55.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 26
Latest update: May 24
Description
A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages
2 packages
Vulnerability Details (2)
GHSA
GHSA-j72w-hrcq-cmrg: [CVE-2020-3139_su] A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure (2022-05-24)
CVEList
Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability (2020-01-26)