Cisco addressed three vulnerabilities, tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, affecting the Enterprise NFV Infrastructure Software (NFVIS) that could be exploited by attackers to take control over the hosts.
“Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM.” reads the advisory published by Cisco.
An attacker could exploit the vulnerabilities to escape from the guest virtual machine (VM) to the host machine, execute commands as root, or leak system data from the host to the VM.
Below are the three vulnerabilities fixed by the IT giant:
The vulnerabilities were reported by Cyrille Chatras, Pierre Denouel, and Loïc Restoux of Orange Group.
The Cisco Product Security Incident Response Team (PSIRT) said that it is not aware of any public announcements or malicious use of these vulnerabilities.
Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
(SecurityAffairs – hacking, NFVIS)