
Cisco CLI Command Injection Vulnerability


EXECUTIVE SUMMARY:

Cisco has identified a new vulnerability affecting:

  • SD-WAN: vEdge, IOS XE hardware; vBond, vManage, vSmart, IOS XR software
  • Ultra Gateway
  • Network Services Orchestrator
  • Virtual Topology System
  • Enterprise NFV Infrastructure Software
  • ConfD

This is a Command Line Interface (CLI) vulnerability affecting a number of Cisco products. There is no workaround; the only fix is to apply the (free) software updates. An exploit uses the on-device management framework (ConfD) to execute commands with root privileges.

Left unpatched, this vulnerability allows unauthenticated attackers to perform command injection attacks.

 

ID: D3-2022-0003

Severity: 8.8 (HIGH)

IMPACT

In essence, an unauthenticated attacker is able to execute code as a root user on the operating system due to improper validation of processes.

DETAILED ANALYSIS

This vulnerability is due to insufficient validation of a process argument on an affected product. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the management framework process, which are commonly root privileges.

DISCLOSED VULNERABILITIES

  • Multiple Cisco Products CLI Command Injection Vulnerability (High CVSS 8.8)
    • CVE-2022-20655
  • ConfD CLI Command Injection Vulnerability (High CVSS 8.8)
    • CVE-2022-20655

MITIGATION STEPS

Updating software immediately or through regular processes is the only solution to this issue.

Customers with service/support contracts may download the updates from the site provided, but Cisco advises consulting the Cisco Security Advisories page for full exposure and upgrade solutions.

Customers without service contracts should contact the Cisco TAC; free software updates are available regardless of licensing.

 

| Cisco Product | Cisco Bug ID | First Fixed Release |
|---|---|---|
| Mobile Internet | | |
| Ultra Gateway Platform | CSCvz49669 | 6.15.0 |
| Network Management and Provisioning | | |
| Enterprise NFV Infrastructure Software (NFVIS) | CSCvm76596 | 3.12.1 |
| Network Services Orchestrator (NSO) | CSCvq22323 | 4.3.9.1, 4.4.5.6, 4.4.8, 4.5.7, 4.6.1.7, 4.6.2, 4.7.1, 5.1.0.1, 5.2 |
| Virtual Topology System (VTS) | CSCvq58164 | 2.6.5 |
| Optical Networking | | |
| Carrier Packet Transport | CSCvq58204 | End of software maintenance. No fix available. See the next section. |
| Routing and Switching – Enterprise and Service Provider | | |
| IOS XE SD-WAN | CSCvq58224 | 16.10.2, 16.12.1b, 17.2.1r |
| IOS XR (64-bit) Software | CSCvq58168 | 7.0.2, 7.1.1 |
| Network Convergence System (NCS) 4009, 4016 | CSCvq58183 | 6.5.32 (Jan 2022) |
| SD-WAN vBond Software | CSCvq58226 | 18.4.4, 19.2.1, 19.3.0, 20.1.1 |
| SD-WAN vEdge Routers | CSCvq58226 | 18.4.4, 19.2.1, 19.3.0, 20.1.1 |
| SD-WAN vManage Software | CSCvq58226 | 18.4.4, 19.2.1, 19.3.0, 20.1.1 |
| SD-WAN vSmart Software | CSCvq58226 | 18.4.4, 19.2.1, 19.3.0, 20.1.1 |

 

| ConfD Release | First Fixed Release |
|---|---|
| 6.3 and earlier | 6.3.9.1 |
| 6.4 | 6.4.7.2 and 6.4.8 |
| 6.5 | 6.5.7 |
| 6.6 | 6.6.2 |
| 6.7 | 6.7.1 |
| 7.1 and later | Not vulnerable |
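
For patch triage, the ConfD fixed-release table above can be applied to an inventory of installed versions. The following Python sketch is an added example, not Cisco or Dataprise code; the host names and versions in the demo are constructed. It assumes that where a train lists two fixed releases (6.4.7.2 and 6.4.8), the lower one covers only its own maintenance branch.

```python
import re

# First fixed releases per ConfD train, copied from the table above.
# Trains at or below 6.3 share the 6.3 entry ("6.3 and earlier").
FIXED = {
    (6, 3): [(6, 3, 9, 1)],
    (6, 4): [(6, 4, 7, 2), (6, 4, 8)],
    (6, 5): [(6, 5, 7)],
    (6, 6): [(6, 6, 2)],
    (6, 7): [(6, 7, 1)],
}
NOT_VULNERABLE_FROM = (7, 1)  # "7.1 and later: Not vulnerable"


def parse(version):
    """Return a dotted version as a tuple of ints, or None if malformed."""
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        return None
    return tuple(int(part) for part in text.split("."))


def confd_status(version):
    """Classify one ConfD version string against the table."""
    v = parse(version)
    if v is None:
        return "unknown"
    if v[:2] >= NOT_VULNERABLE_FROM:
        return "not vulnerable"
    train = v[:2] if v[:2] > (6, 3) else (6, 3)
    fixes = FIXED.get(train)
    if fixes is None:
        return "unknown"  # train not listed on the page (e.g. 7.0)
    if v >= max(fixes):
        return "fixed"
    # Assumption: a lower fixed release (6.4.7.2) covers only its own
    # maintenance branch (6.4.7.x), not earlier branches such as 6.4.6.
    if any(v[:len(f) - 1] == f[:-1] and v >= f for f in fixes):
        return "fixed"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed inventory: host names and versions are made up.
    inventory = {"nso-lab-1": "6.4.7.1", "nso-lab-2": "6.4.7.3",
                 "edge-a": "6.2.5", "edge-b": "7.1.2", "edge-c": "7.0.1"}
    for host, ver in sorted(inventory.items()):
        print(f"{host:10} {ver:8} {confd_status(ver)}")
```

Versions that return "unknown" fall outside the trains listed on this page and should be checked against the Cisco advisory directly.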


SOURCES

CONTRIBUTING AUTHORS

  • Stephen Jones, Vice President, Cybersecurity Services
  • Sam Bourgeois, vCISO
  • Maximo Bredfeldt, vCISO
