Get in Touch

Get in Touch

Get in Touch

Please get in touch using the form below.

Close form

Home / Threat Intelligence bulletins / Vulnerabilities in Cisco NFVIS allow guest VM escape


Cisco has released a patch to address several vulnerabilities in their NFV Infrastructure Software (NFVIS).

Two of these, (CVE-2022-20777, 2022-20779) could allow attackers to execute code on the host machine and another (CVE-2022-20780) could be used to leak system data.


An authenticated, remote attacker could escape from the guest virtual machine (VM) to gain unauthorised root-level access on the NFVIS host.

Affected Products

Cisco Enterprise NFVIS before 4.7.1.

Containment, Mitigations & Remediations

No mitigations are listed. Devices should be updated as soon as possible.

Indicators of Compromise

None listed.

Threat Landscape

Cisco PSIRT is not aware of any public announcements or exploitations in the wild.

Mitre Methodologies

T1210 – Exploitation of Remote Services

Further Information

Cisco Enterprise NFV Infrastructure Software Vulnerabilities