PT-2022-2559 · Cisco · Cisco Enterprise Nfv Infrastructure
Cyrille Chatras
+2
·
Published
2022-05-04
·
Updated
2023-07-24
·
CVE-2022-20777
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Enterprise NFV Infrastructure Software (NFVIS) (affected versions not specified)
Description
The issue is related to multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) that could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. A vulnerability in the next-generation input/output (NGIO) function is associated with inadequate access control, which can be exploited by a remote attacker to elevate privileges by sending an API call from a virtual machine.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Enterprise Nfv Infrastructure