漏洞标题
Cisco应用程序策略基础设施控制器外联管理IP表格绕过漏洞
漏洞描述信息
Cisco应用策略基础设施控制器旁带管理IP表格绕过漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
漏洞类别
N/A
漏洞标题
Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability
漏洞描述信息
A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j).
CVSS信息
N/A
漏洞类别
输入验证不恰当
漏洞标题
Cisco Application Policy Infrastructure Controller 输入验证错误漏洞
漏洞描述信息
Cisco Application Policy Infrastructure Controller(APIC)是美国思科(Cisco)公司的一款自动化的基础架构部署和治理解决方案。 使用4.2(3j)之前版本固件的Cisco APIC中OOB管理接口的IP表单条目的配置存在输入验证错误漏洞。远程攻击者可利用漏洞绕过已配置的IP表规则。
CVSS信息
N/A
漏洞类别
输入验证错误