Vulnerabilities in Cisco NFVIS allow guest VM escape

Overview

Cisco has released a patch to address several vulnerabilities in their NFV Infrastructure Software (NFVIS).

Two of these, (CVE-2022-20777, 2022-20779) could allow attackers to execute code on the host machine and another (CVE-2022-20780) could be used to leak system data.

Impact

An authenticated, remote attacker could escape from the guest virtual machine (VM) to gain unauthorised root-level access on the NFVIS host.

Affected Products

Cisco Enterprise NFVIS before 4.7.1.

Containment, Mitigations & Remediations

No mitigations are listed. Devices should be updated as soon as possible.

Indicators of Compromise

None listed.

Threat Landscape

Cisco PSIRT is not aware of any public announcements or exploitations in the wild.

Mitre Methodologies

T1210 – Exploitation of Remote Services

Further Information

Cisco Enterprise NFV Infrastructure Software Vulnerabilities