First published: Wed May 04 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Enterprise NFV Infrastructure Software | <4.7.1 | |
The severity of CVE-2022-20779 is critical with a CVSS score of 8.8.
The software affected by CVE-2022-20779 is Cisco Enterprise NFV Infrastructure Software, in versions up to and excluding 4.7.1.
The vulnerabilities associated with CVE-2022-20779 include the ability for an attacker to escape from the guest virtual machine to the host machine, inject root-level commands, or leak system data from the host to the VM.
Yes, Cisco has provided fixes for the vulnerabilities in Cisco Enterprise NFV Infrastructure Software. It is recommended to update to a version that includes the necessary patches.
More information about CVE-2022-20779 can be found in the Orange CERT CC advisory and the Cisco Security Advisory.