Cisco's current information about this vulnerability indicates that there is no public exploit. Cisco has initiated the responsible disclosure process and will release information about the public exploit once it is known. Cisco recommends that users install software updates as soon as they become available. Users can also consider restricting access to the CLI by creating strict network access rules for privileged users. Cisco recommends that users review their Cisco devices for other access points to privileged systems that may be vulnerable to attack.
Cisco CSCeb9072
A vulnerability in the CLI of Cisco IOS Software could allow unauthorized users to access privileged commands on a Cisco device.
Cisco ASA Software Features and Limitations Affected by CVE-2022-20739
The following output is generated by the show configuration privileged EXEC command:
1. There are no known public exploits for this vulnerability.
2. Information about this vulnerability is available at https://www.cisco.com/security/center/content/CiscoSA-20180719-CVE-2022-20739.html
3. Restricting access to the CLI is recommended for end users in order to protect them from attack; see http://www.cisco.com/en/US/products/hw/switches/ps708/products_user_guide_chapter09186a0080f7e0d5.html#wp1486261
4. Cisco ASA Software features and limitations that may be affected by CVE-2022-20739 are listed below:
* Memory tunable via command line interface (CLI)
* SSH access allowed from any interface on a given device
* Redundant power supplies supported with redundant power cords
Cisco IOS Software and IOS XE Software: Vulnerabilities
Cisco IOS Software and IOS XE Software have vulnerabilities that may be exploited to cause a denial of service (DoS) or potentially gain unauthorized access to privileged system commands. These vulnerabilities exist in some Cisco devices and are present in IOS XE Software when certain configuration options are enabled.
Cisco Devices Currently Affected by CVE-2022-20739
Cisco devices currently known to be vulnerable to the exploit are listed below:
• Cisco Small Business 250 Series
• Cisco Small Business MSP
• Cisco Cloud Services Platform 3000 (CSP3K)
Timeline
Published on: 04/15/2022 15:15:00 UTC
Last modified on: 05/13/2022 18:56:00 UTC