CVE-2022-20739: An attacker can execute commands as root through a vulnerability in the Cisco SD-WAN vManage CLI.

Cisco's current information about this vulnerability indicates that there is no public exploit. Cisco has initiated the responsible disclosure process and will release information about the public exploit once it is known. Cisco recommends that users install software updates as soon as they become available. Users can also consider restricting access to the CLI by creating strict network access rules for privileged users. Cisco recommends that users review their Cisco devices for other access points to privileged systems that may be vulnerable to attack.

Cisco CSCeb9072

A vulnerability in the CLI of Cisco IOS Software could allow unauthorized users to access privileged commands on a Cisco device.

Cisco ASA Software Features and Limitations Affected by CVE-2022-20739

The following output is generated by the show configuration privileged EXEC command:

1. There are no known public exploits for this vulnerability.
2. Information about this vulnerability is available at https://www.cisco.com/security/center/content/CiscoSA-20180719-CVE-2022-20739.html
3. Restricting access to the CLI is recommended for end users in order to protect them from attack; see http://www.cisco.com/en/US/products/hw/switches/ps708/products_user_guide_chapter09186a0080f7e0d5.html#wp1486261
4. Cisco ASA Software features and limitations that may be affected by CVE-2022-20739 are listed below:

* Memory tunable via command line interface (CLI)
* SSH access allowed from any interface on a given device
* Redundant power supplies supported with redundant power cords

Cisco IOS Software and IOS XE Software: Vulnerabilities

Cisco IOS Software and IOS XE Software have vulnerabilities that may be exploited to cause a denial of service (DoS) or potentially gain unauthorized access to privileged system commands. These vulnerabilities exist in some Cisco devices and are present in IOS XE Software when certain configuration options are enabled.

Cisco Devices Currently Affected by CVE-2022-20739

Cisco devices currently known to be vulnerable to the exploit are listed below:
• Cisco Small Business 250 Series
• Cisco Small Business MSP
• Cisco Cloud Services Platform 3000 (CSP3K)
