First published: Wed May 04 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Enterprise NFV Infrastructure Software | <4.7.1 | |
The severity of CVE-2022-20777 is critical with a severity value of 9.9.
Cisco Enterprise NFV Infrastructure Software versions earlier than 4.7.1 are affected by CVE-2022-20777.
The potential impact of CVE-2022-20777 includes escaping from the guest VM to the host machine, injecting commands at the root level, and leaking system data from the host to the VM.
Cisco has released fixes for the vulnerabilities in Cisco Enterprise NFV Infrastructure Software. Please refer to the Cisco Security Advisory for more information.
More information about CVE-2022-20777 can be found in the OrangeCERTCC security research advisory and the Cisco Security Advisory.