CVE-2022-20780

Name of the Vulnerable Software and Affected Versions Cisco Enterprise NFV Infrastructure Software (NFVIS) (affected versions not specified)

Description The issue concerns multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) that could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. One of the vulnerabilities is related to the incorrect restriction of XML links to external objects in the software import function, which could allow a remote attacker to disclose protected information using specially crafted XML code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.