cvelistv5 - CVE-2022-20696

CVE-2022-20696

Vulnerability from cvelistv5

Published

2022-09-08 12:30

Modified

2024-11-06 16:06

Severity ?

7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.

References

▼	URL	Tags
	ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Cisco	Cisco SD-WAN vManage	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:48.467Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220907 Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20696",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T16:00:00.827037Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:06:55.840Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco SD-WAN vManage",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-09-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "CWE-284",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-08T12:30:24",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220907 Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs",
            },
         ],
         source: {
            advisory: "cisco-sa-vmanage-msg-serv-AqTup7vs",
            defect: [
               [
                  "CSCvx87376",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-09-07T23:00:00",
               ID: "CVE-2022-20696",
               STATE: "PUBLIC",
               TITLE: "Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco SD-WAN vManage",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "7.5",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-284",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220907 Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-vmanage-msg-serv-AqTup7vs",
               defect: [
                  [
                     "CSCvx87376",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20696",
      datePublished: "2022-09-08T12:30:24.276705Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:06:55.840Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2022-20696\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2022-09-08T13:15:08.867\",\"lastModified\":\"2024-11-21T06:43:20.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la configuración de enlace de los contenedores del software Cisco SD-WAN vManage, podría permitir a un atacante adyacente no autenticado que tenga acceso a la red lógica VPN0 también acceda a los puertos del servicio de mensajería en un sistema afectado.&#xa0;Esta vulnerabilidad se presenta porque los puertos del contenedor del servidor de mensajería en un sistema afectado carecen de suficientes mecanismos de protección.&#xa0;Un atacante podría explotar esta vulnerabilidad conectándose a los puertos del servicio de mensajería del sistema afectado.&#xa0;Para explotar esta vulnerabilidad, el atacante debe poder enviar tráfico de red a las interfaces dentro de la red lógica VPN0.&#xa0;Esta red puede estar restringida para proteger redes adyacentes físicas o lógicas, según la configuración de implementación del dispositivo.&#xa0;Una explotación con éxito podría permitir al atacante vea e inyecte mensajes en el servicio de mensajería\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.7\",\"versionEndExcluding\":\"20.9.1\",\"matchCriteriaId\":\"CF8DC3CE-FA4A-486D-B912-63E121191F1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.6.4\",\"matchCriteriaId\":\"6AEA1221-523C-4C08-8384-E112EA9CBF18\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs\", \"name\": \"20220907 Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T02:24:48.467Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-20696\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-06T16:00:00.827037Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-06T16:00:25.393Z\"}}], \"cna\": {\"title\": \"Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability\", \"source\": {\"defect\": [[\"CSCvx87376\"]], \"advisory\": \"cisco-sa-vmanage-msg-serv-AqTup7vs\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco SD-WAN vManage\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2022-09-07T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs\", \"name\": \"20220907 Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2022-09-08T12:30:24\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"7.5\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\"}}, \"source\": {\"defect\": [[\"CSCvx87376\"]], \"advisory\": \"cisco-sa-vmanage-msg-serv-AqTup7vs\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco SD-WAN vManage\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs\", \"name\": \"20220907 Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-284\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-20696\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2022-09-07T23:00:00\"}}}}",
         cveMetadata: "{\"cveId\": \"CVE-2022-20696\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-06T16:06:55.840Z\", \"dateReserved\": \"2021-11-02T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2022-09-08T12:30:24.276705Z\", \"assignerShortName\": \"cisco\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}

cisco-sa-vmanage-msg-serv-aqtup7vs

Vulnerability from csaf_cisco

Published

2022-09-07 16:00

Modified

2022-09-27 21:40

Summary

Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability

Notes

Summary

Vulnerable Products

This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco SD-WAN vManage Software. For information about which Cisco software releases are vulnerable, see the Fixed Software ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2#fs"] section of this advisory.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: IOS XE SD-WAN Software SD-WAN vBond Orchestrator Software SD-WAN vEdge Cloud Routers SD-WAN vEdge Routers SD-WAN vSmart Controller Software

Workarounds

There is a workaround that addresses this vulnerability. Administrators can use access control lists (ACLs) to block TCP ports 4222, 6222, and 8222, which are used by Cisco SD-WAN vManage Software messaging services. They may be configured in the following ways depending on deployment: Configure ACLs on Cisco IOS devices. For information about preventing exploitation of Cisco IOS devices, see Protecting Your Core: Infrastructure Protection Access Control Lists ["http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml"]. Configure ACLs at the firewall that protects Cisco SD-WAN vManage Software. For information about Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) ACL configuration, see Cisco ASA Series Firewall CLI Configuration Guide: Access Control Lists ["https://www.cisco.com/c/en/us/td/docs/security/asa/asa916/configuration/firewall/asa-916-firewall-config/access-acls.html"]. Cisco Cloud Controllers ACLs (Inbound Rules allowed list) are managed through the Self-Service Portal. Customers will have to review their ACL configurations on the Self-Service Portal to ensure that they are correct. This does not involve updating the controller version. By default, Cisco-hosted devices are protected against the issue described in the advisory unless the customer has explicitly allowed access. For more information, see Cisco SD-WAN Cloud Hosted Controllers Provisioning ["https://www.cisco.com/c/en/us/td/docs/routers/sdwan/knowledge-base/CloudOps/b-cisco-sdwan-cloudops/m-provisioning.html#concept_ocl_kgh_nlb"]. While these workarounds have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

Fixed Software

Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"] Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"] Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases Customers are advised to upgrade to an appropriate fixed software release ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"] as indicated in the following table(s): Cisco SD-WAN vManage Software Release First Fixed Release Earlier than 20.3 Migrate to a fixed release. 20.3 Migrate to a fixed release. 20.6 20.6.4 20.7 Migrate to a fixed release. 20.8 Migrate to a fixed release. 20.9 20.9.1 Note: It is the customer’s responsibility to upgrade their cloud controllers to the latest version in which this vulnerability is fixed. The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

Exploitation and Public Announcements

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank Orange Business for reporting this vulnerability.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
   document: {
      acknowledgments: [
         {
            summary: "Cisco would like to thank Orange Business for reporting this vulnerability.",
         },
      ],
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      notes: [
         {
            category: "summary",
            text: "A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system.\r\n\r\nThis vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.\r\n\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.\r\n\r\n",
            title: "Summary",
         },
         {
            category: "general",
            text: "This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco SD-WAN vManage Software.\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2#fs\"] section of this advisory.",
            title: "Vulnerable Products",
         },
         {
            category: "general",
            text: "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nIOS XE SD-WAN Software\r\nSD-WAN vBond Orchestrator Software\r\nSD-WAN vEdge Cloud Routers\r\nSD-WAN vEdge Routers\r\nSD-WAN vSmart Controller Software",
            title: "Products Confirmed Not Vulnerable",
         },
         {
            category: "general",
            text: "There is a workaround that addresses this vulnerability.\r\n\r\nAdministrators can use access control lists (ACLs) to block TCP ports 4222, 6222, and 8222, which are used by Cisco SD-WAN vManage Software messaging services. They may be configured in the following ways depending on deployment:\r\n\r\nConfigure ACLs on Cisco IOS devices. For information about preventing exploitation of Cisco IOS devices, see Protecting Your Core: Infrastructure Protection Access Control Lists [\"http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml\"].\r\nConfigure ACLs at the firewall that protects Cisco SD-WAN vManage Software. For information about Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) ACL configuration, see Cisco ASA Series Firewall CLI Configuration Guide: Access Control Lists [\"https://www.cisco.com/c/en/us/td/docs/security/asa/asa916/configuration/firewall/asa-916-firewall-config/access-acls.html\"].\r\nCisco Cloud Controllers ACLs (Inbound Rules allowed list) are managed through the Self-Service Portal. Customers will have to review their ACL configurations on the Self-Service Portal to ensure that they are correct. This does not involve updating the controller version. By default, Cisco-hosted devices are protected against the issue described in the advisory unless the customer has explicitly allowed access. For more information, see Cisco SD-WAN Cloud Hosted Controllers Provisioning [\"https://www.cisco.com/c/en/us/td/docs/routers/sdwan/knowledge-base/CloudOps/b-cisco-sdwan-cloudops/m-provisioning.html#concept_ocl_kgh_nlb\"].\r\n\r\nWhile these workarounds have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
            title: "Workarounds",
         },
         {
            category: "general",
            text: "Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n  Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n      Fixed Releases\r\nCustomers are advised to upgrade to an appropriate fixed software release [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] as indicated in the following table(s):\r\n        Cisco SD-WAN vManage Software Release  First Fixed Release           Earlier than 20.3  Migrate to a fixed release.      20.3  Migrate to a fixed release.      20.6  20.6.4      20.7  Migrate to a fixed release.      20.8  Migrate to a fixed release.      20.9  20.9.1\r\nNote: It is the customer’s responsibility to upgrade their cloud controllers to the latest version in which this vulnerability is fixed.\r\n\r\nThe Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.",
            title: "Fixed Software",
         },
         {
            category: "general",
            text: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            title: "Exploitation and Public Announcements",
         },
         {
            category: "general",
            text: "Cisco would like to thank Orange Business for reporting this vulnerability.",
            title: "Source",
         },
         {
            category: "legal_disclaimer",
            text: "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
            title: "Legal Disclaimer",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "psirt@cisco.com",
         issuing_authority: "Cisco PSIRT",
         name: "Cisco",
         namespace: "https://wwww.cisco.com",
      },
      references: [
         {
            category: "self",
            summary: "Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs",
         },
         {
            category: "external",
            summary: "Cisco Security Vulnerability Policy",
            url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
         },
         {
            category: "external",
            summary: "Fixed Software",
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2#fs",
         },
         {
            category: "external",
            summary: "Protecting Your Core: Infrastructure Protection Access Control Lists",
            url: "http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml",
         },
         {
            category: "external",
            summary: "Cisco&nbsp;ASA Series Firewall CLI Configuration Guide: Access Control Lists",
            url: "https://www.cisco.com/c/en/us/td/docs/security/asa/asa916/configuration/firewall/asa-916-firewall-config/access-acls.html",
         },
         {
            category: "external",
            summary: "Cisco&nbsp;SD-WAN Cloud Hosted Controllers Provisioning",
            url: "https://www.cisco.com/c/en/us/td/docs/routers/sdwan/knowledge-base/CloudOps/b-cisco-sdwan-cloudops/m-provisioning.html#concept_ocl_kgh_nlb",
         },
         {
            category: "external",
            summary: "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
            url: "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
         },
         {
            category: "external",
            summary: "considering software upgrades",
            url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes",
         },
         {
            category: "external",
            summary: "Cisco&nbsp;Security Advisories page",
            url: "https://www.cisco.com/go/psirt",
         },
         {
            category: "external",
            summary: "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
            url: "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
         },
      ],
      title: "Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
      tracking: {
         current_release_date: "2022-09-27T21:40:31+00:00",
         generator: {
            date: "2024-05-10T23:18:11+00:00",
            engine: {
               name: "TVCE",
            },
         },
         id: "cisco-sa-vmanage-msg-serv-AqTup7vs",
         initial_release_date: "2022-09-07T16:00:00+00:00",
         revision_history: [
            {
               date: "2022-09-07T15:47:11+00:00",
               number: "1.0.0",
               summary: "Initial public release.",
            },
            {
               date: "2022-09-09T20:05:37+00:00",
               number: "1.1.0",
               summary: "Added cloud information.",
            },
            {
               date: "2022-09-27T21:40:31+00:00",
               number: "1.2.0",
               summary: "Added clarification for workaround.",
            },
         ],
         status: "final",
         version: "1.2.0",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  category: "product_family",
                  name: "Cisco Catalyst SD-WAN Manager",
                  product: {
                     name: "Cisco Catalyst SD-WAN Manager ",
                     product_id: "CSAFPID-271450",
                  },
               },
            ],
            category: "vendor",
            name: "Cisco",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2022-20696",
         ids: [
            {
               system_name: "Cisco Bug ID",
               text: "CSCvx87376",
            },
         ],
         notes: [
            {
               category: "other",
               text: "Complete.",
               title: "Affected Product Comprehensiveness",
            },
         ],
         product_status: {
            known_affected: [
               "CSAFPID-271450",
            ],
         },
         release_date: "2022-09-07T16:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               details: "Cisco has released software updates that address this vulnerability.",
               product_ids: [
                  "CSAFPID-271450",
               ],
               url: "https://software.cisco.com",
            },
            {
               category: "workaround",
               details: "There is a workaround that addresses this vulnerability.\r\n\r\nAdministrators can use access control lists (ACLs) to block TCP ports 4222, 6222, and 8222, which are used by Cisco SD-WAN vManage Software messaging services. They may be configured in the following ways depending on deployment:\r\n\r\nConfigure ACLs on Cisco IOS devices. For information about preventing exploitation of Cisco IOS devices, see Protecting Your Core: Infrastructure Protection Access Control Lists [\"http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml\"].\r\nConfigure ACLs at the firewall that protects Cisco SD-WAN vManage Software. For information about Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) ACL configuration, see Cisco ASA Series Firewall CLI Configuration Guide: Access Control Lists [\"https://www.cisco.com/c/en/us/td/docs/security/asa/asa916/configuration/firewall/asa-916-firewall-config/access-acls.html\"].\r\nCisco Cloud Controllers ACLs (Inbound Rules allowed list) are managed through the Self-Service Portal. Customers will have to review their ACL configurations on the Self-Service Portal to ensure that they are correct. This does not involve updating the controller version. By default, Cisco-hosted devices are protected against the issue described in the advisory unless the customer has explicitly allowed access. For more information, see Cisco SD-WAN Cloud Hosted Controllers Provisioning [\"https://www.cisco.com/c/en/us/td/docs/routers/sdwan/knowledge-base/CloudOps/b-cisco-sdwan-cloudops/m-provisioning.html#concept_ocl_kgh_nlb\"].\r\n\r\nWhile these workarounds have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
               product_ids: [
                  "CSAFPID-271450",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "CSAFPID-271450",
               ],
            },
         ],
         title: "Cisco SD-WAN vManage Information Disclosure Vulnerability",
      },
   ],
}

cisco-sa-vmanage-msg-serv-AqTup7vs

Vulnerability from csaf_cisco

Published

2022-09-07 16:00

Modified

2022-09-27 21:40

Summary

Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability

Notes

Summary

Vulnerable Products

Products Confirmed Not Vulnerable

Workarounds

Fixed Software

Exploitation and Public Announcements

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank Orange Business for reporting this vulnerability.

Legal Disclaimer

JSON

To clipboard

{
   document: {
      acknowledgments: [
         {
            summary: "Cisco would like to thank Orange Business for reporting this vulnerability.",
         },
      ],
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      notes: [
         {
            category: "summary",
            text: "A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system.\r\n\r\nThis vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.\r\n\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.\r\n\r\n",
            title: "Summary",
         },
         {
            category: "general",
            text: "This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco SD-WAN vManage Software.\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2#fs\"] section of this advisory.",
            title: "Vulnerable Products",
         },
         {
            category: "general",
            text: "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nIOS XE SD-WAN Software\r\nSD-WAN vBond Orchestrator Software\r\nSD-WAN vEdge Cloud Routers\r\nSD-WAN vEdge Routers\r\nSD-WAN vSmart Controller Software",
            title: "Products Confirmed Not Vulnerable",
         },
         {
            category: "general",
            text: "There is a workaround that addresses this vulnerability.\r\n\r\nAdministrators can use access control lists (ACLs) to block TCP ports 4222, 6222, and 8222, which are used by Cisco SD-WAN vManage Software messaging services. They may be configured in the following ways depending on deployment:\r\n\r\nConfigure ACLs on Cisco IOS devices. For information about preventing exploitation of Cisco IOS devices, see Protecting Your Core: Infrastructure Protection Access Control Lists [\"http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml\"].\r\nConfigure ACLs at the firewall that protects Cisco SD-WAN vManage Software. For information about Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) ACL configuration, see Cisco ASA Series Firewall CLI Configuration Guide: Access Control Lists [\"https://www.cisco.com/c/en/us/td/docs/security/asa/asa916/configuration/firewall/asa-916-firewall-config/access-acls.html\"].\r\nCisco Cloud Controllers ACLs (Inbound Rules allowed list) are managed through the Self-Service Portal. Customers will have to review their ACL configurations on the Self-Service Portal to ensure that they are correct. This does not involve updating the controller version. By default, Cisco-hosted devices are protected against the issue described in the advisory unless the customer has explicitly allowed access. For more information, see Cisco SD-WAN Cloud Hosted Controllers Provisioning [\"https://www.cisco.com/c/en/us/td/docs/routers/sdwan/knowledge-base/CloudOps/b-cisco-sdwan-cloudops/m-provisioning.html#concept_ocl_kgh_nlb\"].\r\n\r\nWhile these workarounds have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
            title: "Workarounds",
         },
         {
            category: "general",
            text: "Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n  Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n      Fixed Releases\r\nCustomers are advised to upgrade to an appropriate fixed software release [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] as indicated in the following table(s):\r\n        Cisco SD-WAN vManage Software Release  First Fixed Release           Earlier than 20.3  Migrate to a fixed release.      20.3  Migrate to a fixed release.      20.6  20.6.4      20.7  Migrate to a fixed release.      20.8  Migrate to a fixed release.      20.9  20.9.1\r\nNote: It is the customer’s responsibility to upgrade their cloud controllers to the latest version in which this vulnerability is fixed.\r\n\r\nThe Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.",
            title: "Fixed Software",
         },
         {
            category: "general",
            text: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            title: "Exploitation and Public Announcements",
         },
         {
            category: "general",
            text: "Cisco would like to thank Orange Business for reporting this vulnerability.",
            title: "Source",
         },
         {
            category: "legal_disclaimer",
            text: "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
            title: "Legal Disclaimer",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "psirt@cisco.com",
         issuing_authority: "Cisco PSIRT",
         name: "Cisco",
         namespace: "https://wwww.cisco.com",
      },
      references: [
         {
            category: "self",
            summary: "Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs",
         },
         {
            category: "external",
            summary: "Cisco Security Vulnerability Policy",
            url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
         },
         {
            category: "external",
            summary: "Fixed Software",
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2#fs",
         },
         {
            category: "external",
            summary: "Protecting Your Core: Infrastructure Protection Access Control Lists",
            url: "http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml",
         },
         {
            category: "external",
            summary: "Cisco&nbsp;ASA Series Firewall CLI Configuration Guide: Access Control Lists",
            url: "https://www.cisco.com/c/en/us/td/docs/security/asa/asa916/configuration/firewall/asa-916-firewall-config/access-acls.html",
         },
         {
            category: "external",
            summary: "Cisco&nbsp;SD-WAN Cloud Hosted Controllers Provisioning",
            url: "https://www.cisco.com/c/en/us/td/docs/routers/sdwan/knowledge-base/CloudOps/b-cisco-sdwan-cloudops/m-provisioning.html#concept_ocl_kgh_nlb",
         },
         {
            category: "external",
            summary: "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
            url: "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
         },
         {
            category: "external",
            summary: "considering software upgrades",
            url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes",
         },
         {
            category: "external",
            summary: "Cisco&nbsp;Security Advisories page",
            url: "https://www.cisco.com/go/psirt",
         },
         {
            category: "external",
            summary: "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
            url: "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
         },
      ],
      title: "Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
      tracking: {
         current_release_date: "2022-09-27T21:40:31+00:00",
         generator: {
            date: "2024-05-10T23:18:11+00:00",
            engine: {
               name: "TVCE",
            },
         },
         id: "cisco-sa-vmanage-msg-serv-AqTup7vs",
         initial_release_date: "2022-09-07T16:00:00+00:00",
         revision_history: [
            {
               date: "2022-09-07T15:47:11+00:00",
               number: "1.0.0",
               summary: "Initial public release.",
            },
            {
               date: "2022-09-09T20:05:37+00:00",
               number: "1.1.0",
               summary: "Added cloud information.",
            },
            {
               date: "2022-09-27T21:40:31+00:00",
               number: "1.2.0",
               summary: "Added clarification for workaround.",
            },
         ],
         status: "final",
         version: "1.2.0",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  category: "product_family",
                  name: "Cisco Catalyst SD-WAN Manager",
                  product: {
                     name: "Cisco Catalyst SD-WAN Manager ",
                     product_id: "CSAFPID-271450",
                  },
               },
            ],
            category: "vendor",
            name: "Cisco",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2022-20696",
         ids: [
            {
               system_name: "Cisco Bug ID",
               text: "CSCvx87376",
            },
         ],
         notes: [
            {
               category: "other",
               text: "Complete.",
               title: "Affected Product Comprehensiveness",
            },
         ],
         product_status: {
            known_affected: [
               "CSAFPID-271450",
            ],
         },
         release_date: "2022-09-07T16:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               details: "Cisco has released software updates that address this vulnerability.",
               product_ids: [
                  "CSAFPID-271450",
               ],
               url: "https://software.cisco.com",
            },
            {
               category: "workaround",
               details: "There is a workaround that addresses this vulnerability.\r\n\r\nAdministrators can use access control lists (ACLs) to block TCP ports 4222, 6222, and 8222, which are used by Cisco SD-WAN vManage Software messaging services. They may be configured in the following ways depending on deployment:\r\n\r\nConfigure ACLs on Cisco IOS devices. For information about preventing exploitation of Cisco IOS devices, see Protecting Your Core: Infrastructure Protection Access Control Lists [\"http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml\"].\r\nConfigure ACLs at the firewall that protects Cisco SD-WAN vManage Software. For information about Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) ACL configuration, see Cisco ASA Series Firewall CLI Configuration Guide: Access Control Lists [\"https://www.cisco.com/c/en/us/td/docs/security/asa/asa916/configuration/firewall/asa-916-firewall-config/access-acls.html\"].\r\nCisco Cloud Controllers ACLs (Inbound Rules allowed list) are managed through the Self-Service Portal. Customers will have to review their ACL configurations on the Self-Service Portal to ensure that they are correct. This does not involve updating the controller version. By default, Cisco-hosted devices are protected against the issue described in the advisory unless the customer has explicitly allowed access. For more information, see Cisco SD-WAN Cloud Hosted Controllers Provisioning [\"https://www.cisco.com/c/en/us/td/docs/routers/sdwan/knowledge-base/CloudOps/b-cisco-sdwan-cloudops/m-provisioning.html#concept_ocl_kgh_nlb\"].\r\n\r\nWhile these workarounds have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
               product_ids: [
                  "CSAFPID-271450",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "CSAFPID-271450",
               ],
            },
         ],
         title: "Cisco SD-WAN vManage Information Disclosure Vulnerability",
      },
   ],
}

fkie_cve-2022-20696

Vulnerability from fkie_nvd

Published

2022-09-08 13:15

Modified

2024-11-21 06:43

Severity ?

7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	catalyst_sd-wan_manager	*
	cisco	sd-wan_vmanage	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF8DC3CE-FA4A-486D-B912-63E121191F1C",
                     versionEndExcluding: "20.9.1",
                     versionStartIncluding: "20.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AEA1221-523C-4C08-8384-E112EA9CBF18",
                     versionEndExcluding: "20.6.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la configuración de enlace de los contenedores del software Cisco SD-WAN vManage, podría permitir a un atacante adyacente no autenticado que tenga acceso a la red lógica VPN0 también acceda a los puertos del servicio de mensajería en un sistema afectado.&#xa0;Esta vulnerabilidad se presenta porque los puertos del contenedor del servidor de mensajería en un sistema afectado carecen de suficientes mecanismos de protección.&#xa0;Un atacante podría explotar esta vulnerabilidad conectándose a los puertos del servicio de mensajería del sistema afectado.&#xa0;Para explotar esta vulnerabilidad, el atacante debe poder enviar tráfico de red a las interfaces dentro de la red lógica VPN0.&#xa0;Esta red puede estar restringida para proteger redes adyacentes físicas o lógicas, según la configuración de implementación del dispositivo.&#xa0;Una explotación con éxito podría permitir al atacante vea e inyecte mensajes en el servicio de mensajería",
      },
   ],
   id: "CVE-2022-20696",
   lastModified: "2024-11-21T06:43:20.890",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.9,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-09-08T13:15:08.867",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

ghsa-5jcq-9vgg-wvh8

Vulnerability from github

Published

2022-09-09 00:00

Modified

2022-09-14 00:00

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2022-20696",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-284",
         "CWE-668",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2022-09-08T13:15:00Z",
      severity: "HIGH",
   },
   details: "A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.",
   id: "GHSA-5jcq-9vgg-wvh8",
   modified: "2022-09-14T00:00:41Z",
   published: "2022-09-09T00:00:57Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2022-20696",
      },
      {
         type: "WEB",
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
         type: "CVSS_V3",
      },
   ],
}

gsd-2022-20696

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-20696

Aliases

CVE-2022-20696

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2022-20696",
      description: "A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.",
      id: "GSD-2022-20696",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2022-20696",
         ],
         details: "A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.",
         id: "GSD-2022-20696",
         modified: "2023-12-13T01:19:16.254751Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "psirt@cisco.com",
            DATE_PUBLIC: "2022-09-07T23:00:00",
            ID: "CVE-2022-20696",
            STATE: "PUBLIC",
            TITLE: "Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "Cisco SD-WAN vManage ",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "Cisco",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.",
               },
            ],
         },
         exploit: [
            {
               lang: "eng",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. ",
            },
         ],
         impact: {
            cvss: {
               baseScore: "7.5",
               vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H ",
               version: "3.0",
            },
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "CWE-284",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "20220907 Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
                  refsource: "CISCO",
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs",
               },
            ],
         },
         source: {
            advisory: "cisco-sa-vmanage-msg-serv-AqTup7vs",
            defect: [
               [
                  "CSCvx87376",
               ],
            ],
            discovery: "INTERNAL",
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "20.6.4",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "20.9.1",
                        versionStartIncluding: "20.7",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2022-20696",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "NVD-CWE-Other",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220907 Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
                     refsource: "CISCO",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs",
                  },
               ],
            },
         },
         impact: {
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               exploitabilityScore: 2.8,
               impactScore: 5.9,
            },
         },
         lastModifiedDate: "2023-10-16T16:35Z",
         publishedDate: "2022-09-08T13:15Z",
      },
   },
}

var-202209-0377

Vulnerability from variot

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202209-0377",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "catalyst sd-wan manager",
            scope: "gte",
            trust: 1,
            vendor: "cisco",
            version: "20.7",
         },
         {
            model: "sd-wan vmanage",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "20.6.4",
         },
         {
            model: "catalyst sd-wan manager",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "20.9.1",
         },
         {
            model: "cisco sd-wan vmanage",
            scope: "eq",
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: "20.6.4",
         },
         {
            model: "catalyst sd-wan manager",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-018492",
         },
         {
            db: "NVD",
            id: "CVE-2022-20696",
         },
      ],
   },
   cve: "CVE-2022-20696",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-20696",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT",
                  author: "ykramarz@cisco.com",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  id: "CVE-2022-20696",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Adjacent Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-20696",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-20696",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2022-20696",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-20696",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202209-421",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-018492",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202209-421",
         },
         {
            db: "NVD",
            id: "CVE-2022-20696",
         },
         {
            db: "NVD",
            id: "CVE-2022-20696",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload. Cisco Systems Catalyst SD-WAN Manager and Cisco SD-WAN vManage Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20696",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-018492",
         },
         {
            db: "VULHUB",
            id: "VHN-405249",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20696",
         },
      ],
      trust: 1.8,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-20696",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-018492",
            trust: 0.8,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.4438",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202209-421",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-405249",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-20696",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-405249",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20696",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-018492",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202209-421",
         },
         {
            db: "NVD",
            id: "CVE-2022-20696",
         },
      ],
   },
   id: "VAR-202209-0377",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-405249",
         },
      ],
      trust: 1.1,
   },
   last_update_date: "2024-08-14T14:31:00.018000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-vmanage-msg-serv-AqTup7vs",
            trust: 0.8,
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs",
         },
         {
            title: "Cisco SD-WAN vManage Software Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=247138",
         },
         {
            title: "Cisco: Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmanage-msg-serv-AqTup7vs",
         },
         {
            title: "The Register",
            trust: 0.1,
            url: "https://www.theregister.co.uk/2022/09/08/cisco_routers_vulnerability/",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-20696",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-018492",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202209-421",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-Other",
            trust: 1,
         },
         {
            problemtype: "CWE-284",
            trust: 1,
         },
         {
            problemtype: "others (CWE-Other) [NVD evaluation ]",
            trust: 0.8,
         },
         {
            problemtype: "CWE-668",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-405249",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-018492",
         },
         {
            db: "NVD",
            id: "CVE-2022-20696",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-msg-serv-aqtup7vs",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-20696",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.4438",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-20696/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-405249",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20696",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-018492",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202209-421",
         },
         {
            db: "NVD",
            id: "CVE-2022-20696",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-405249",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20696",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-018492",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202209-421",
         },
         {
            db: "NVD",
            id: "CVE-2022-20696",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-09-08T00:00:00",
            db: "VULHUB",
            id: "VHN-405249",
         },
         {
            date: "2022-09-08T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20696",
         },
         {
            date: "2023-10-20T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-018492",
         },
         {
            date: "2022-09-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202209-421",
         },
         {
            date: "2022-09-08T13:15:08.867000",
            db: "NVD",
            id: "CVE-2022-20696",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-09-13T00:00:00",
            db: "VULHUB",
            id: "VHN-405249",
         },
         {
            date: "2022-09-08T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20696",
         },
         {
            date: "2023-10-20T03:15:00",
            db: "JVNDB",
            id: "JVNDB-2022-018492",
         },
         {
            date: "2023-07-24T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202209-421",
         },
         {
            date: "2023-11-07T03:42:39.143000",
            db: "NVD",
            id: "CVE-2022-20696",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote or local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202209-421",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cisco Systems  Catalyst SD-WAN Manager  and  Cisco SD-WAN vManage  Vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-018492",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202209-421",
         },
      ],
      trust: 0.6,
   },
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-20696

Vulnerability from cvelistv5

cisco-sa-vmanage-msg-serv-aqtup7vs

Vulnerability from csaf_cisco

cisco-sa-vmanage-msg-serv-AqTup7vs

Vulnerability from csaf_cisco

fkie_cve-2022-20696

Vulnerability from fkie_nvd

ghsa-5jcq-9vgg-wvh8

Vulnerability from github

gsd-2022-20696

Vulnerability from gsd

var-202209-0377

Vulnerability from variot

Tags

Sightings

Nomenclature