Cisco has announced a fix for a vulnerability tracked as CVE-2022-20696 that is affecting various products including any device using a vulnerable release of Cisco SD-WAN vManage software. The impacted releases include:
- Versions earlier than 20.3
- 20.3
- 20.6 except 20.6.4
- 20.7
- 20.8
- 20.9 except 20.9.1
Cisco has confirmed that this vulnerability does not affect the following Cisco products:
- IOS XE SD-WAN Software
- SD-WAN vBond Orchestrator Software
- SD-WAN vEdge Cloud Routers
- SD-WAN vEdge Routers
- SD-WAN vSmart Controller Software
It’s believed that the vulnerability exists because of insufficient protection mechanisms on messaging servers containing ports. A Cisco advisory read “To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.”
Analyst Notes
Cisco has released patches for the vulnerability and advises users to download and install SD-WAN vManage software releases 20.6.4 or 20.9.1. The Cisco advisory also explains some workarounds for the vulnerability, which include administrators using Access Control Lists (ACLs) to block ports 4222, 6222, and 8222, which are used by Cisco SD-WAN vManage software messaging services.
https://securityweek.com/cisco-patches-high-severity-vulnerability-sd-wan-vmanage?&web_view=true
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs
