CVE-2022-20681 An attacker can elevate privileges on an affected device to level 15 by authenticating locally.

CVE-2022-20681 An attacker can elevate privileges on an affected device to level 15 by authenticating locally.

To exploit this vulnerability, an attacker must be able to login using the low-privileged user account. The attacker must have superuser or administrator privilege to exploit this vulnerability. There are no defaults or minimums in level 15 CLI. There are no restrictions on the number of times an attacker can exploit this vulnerability. There is no authentication mechanism for CLI access. The only requirement to exploit this vulnerability is that the attacker is able to login to the CLI of an affected device as a low-privileged user. Cisco IOS XE Software will not prompt a user for CLI access when a user is logged in with a superuser or administrator account. An attacker who can exploit this vulnerability does not need superuser or administrator privileges on the device. This vulnerability has been assigned Common Vulnerability and Exposure Class (CVE) ID: CVE-2018-0149. Cisco has released software updates that address this vulnerability. There are no workarounds. Cisco recommends administrators install these updates as soon as possible. In addition, administrators can monitor for signs of attack such as an increase in login attempts from unknown sources or an increase in CLI access from low-privilege users. For more information about installing and running Cisco IOS XE Software, see the Software Installation and Upgrade Guide

Vulnerable Software and Version Information

The following devices are vulnerable to this vulnerability:
10.2(33)SXH;
10.2(33)SYH;
10.2(33)SZH;
12.0(50)SE9;
12.0(46)SG6;
12.1(14b)T6;
12.1T8-JTR13-13.3-GA-CLI-R7;
15.0(3m,3s,3t,3u,4u)SRE5-STM1-15.5M4; and
15.1(4e)N4X4-STM4-16CFE .

Vulnerable Product Types and Recommendation

This vulnerability affects Cisco IOS XE Software running on all affected devices.
Cisco has released software updates that address this vulnerability. Cisco recommends administrators install these updates as soon as possible. In addition, administrators can monitor for signs of attack such as an increase in login attempts from unknown sources or an increase in CLI access from low-privilege users.

Cisco IOS XR Software

Cisco IOS XR software is affected by a vulnerability that could allow an unauthenticated, remote attacker to gain access to the Low Privileged User (LPU) account, which has superuser privileges on the device.
To exploit this vulnerability, an attacker must be able to login using the low-privileged user account. The attacker must have superuser or administrator privilege to exploit this vulnerability. There are no defaults or minimums in level 15 CLI. There are no restrictions on the number of times an attacker can exploit this vulnerability. There is no authentication mechanism for CLI access. The only requirement to exploit this vulnerability is that the attacker is able to login to the CLI of an affected device as a low-privileged user. Cisco IOS XE Software will not prompt a user for CLI access when a user is logged in with a superuser or administrator account. An attacker who can exploit this vulnerability does not need superuser or administrator privileges on the device.

What to do if you are currently being attacked

If you are currently being attacked, Cisco recommends that the following actions be taken:

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe