Cisco addresses three bugs in Enterprise NFVIS Software

by chebbi abir

Cisco addresses three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could allow the compromise of the hosts.

Cisco addressed three vulnerabilities, tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, affecting the Enterprise NFV Infrastructure Software (NFVIS) that could be exploited by attackers to take control of the hosts.

“Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM,” reads the advisory published by Cisco.

An attacker could exploit the vulnerabilities to escape from the guest virtual machine (VM) to the host machine, execute commands as root, or leak system data from the host to the VM.

Below are the three vulnerabilities fixed by the IT giant:

  • CVE-2022-20777 (CVSS score: 9.9) – A vulnerability in the Next Generation Input/Output (NGIO) feature of Cisco Enterprise NFVIS could allow an authenticated, remote attacker to escape from the guest VM to gain unauthorized root-level access on the NFVIS host.
  • CVE-2022-20779 (CVSS score: 8.8) – A vulnerability in the image registration process of Cisco Enterprise NFVIS could allow an unauthenticated, remote attacker to inject commands that execute at the root level on the NFVIS host during the image registration process.
  • CVE-2022-20780 (CVSS score: 7.4) – A vulnerability in the import function of Cisco Enterprise NFVIS could allow an unauthenticated, remote attacker to leak system data from the host to any configured VM.

The vulnerabilities were reported by Cyrille Chatras, Pierre Denouel, and Loïc Restoux of Orange Group.

The Cisco Product Security Incident Response Team (PSIRT) said that it is not aware of any public announcements or malicious use of these vulnerabilities.

To read the original article:

https://securityaffairs.co/wordpress/130952/security/cisco-nfvis-software-bugs.html
