CVE-2020-3139

Name of the Vulnerable Software and Affected Versions Cisco Application Policy Infrastructure Controller (APIC) versions prior to 4.2(3j)

Description A vulnerability in the out of band (OOB) management interface IP table rule programming could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. The issue is due to a programming logic error in the configuration of specific IP table entries, resulting in the IP port being permitted instead of dropped. An attacker could exploit this by sending traffic to the OOB management interface, potentially bypassing configured IP table rules to drop specific IP port traffic. The attacker has no control over the device's configuration.

Recommendations For versions prior to 4.2(3j), update to Release 4.2(3j) or later to resolve the issue. As a temporary workaround, consider restricting access to the OOB management interface to minimize the risk of exploitation.