Vulnerability Details CVE-2020-3139
A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2020-3139
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:-
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(1e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(1h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(1k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(1n)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(2j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(2m)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(3f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(3i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(3k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(3n)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(3o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(4h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(4o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0(4q)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(0.920a)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(0c)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(1j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(1o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(1r)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(1s)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(2h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(2i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(3f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(4e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(4f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(4g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(4i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(4l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1(4m)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1.3
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2(1m)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2(2)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2(2i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2(2j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2(3)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2(3h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2(3m)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2.2
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2_base
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3(1)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3(1i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3(1j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3(2)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3(2f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3(2h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3(2i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3(2j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3(2k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(1)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(1n)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(1o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(1p)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(1q)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(1r)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(2f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(2g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(2h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(2l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(2n)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0(2o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0_base
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1(1i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1(2e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1(2g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1(2k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1(3g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1(3h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1(3j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1(4a)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(1o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(2e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(2f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(2j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(2k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(2q)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(3j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(3p)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(3r)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(3s)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(3t)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(4f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(4p)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(4q)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2(4r)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3(1f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3(1i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3(1l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3(1o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3(1p)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0(1k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0(2h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0(2k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0(2n)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0(3i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1(1i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1(2m)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1(2o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1(2p)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1(2q)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1(2s)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1(2t)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1(2u)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1(2v)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(1l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(1m)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(2l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(2o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(3i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(3n)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(3o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(3r)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(3s)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(4d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(4e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(5d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(5e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(5f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(6i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(7f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(7k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2(9b)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0(1h)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0(2c)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0(3d)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(0.88a)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(0.90a)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(1)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(1i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(1j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(1k)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(1l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2m)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2o)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2s)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2u)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2w)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1(2x)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(0.21c)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(1i)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(1j)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(1l)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(2e)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(2f)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(2g)
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2(2l)