First published: Wed May 04 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Enterprise NFV Infrastructure Software | <4.7.1 |
The severity of CVE-2022-20780 is critical (CVSS score 7.4).
CVE-2022-20780 refers to multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) that could allow an attacker to escape from the guest VM to the host machine, inject commands at the root level, or leak system data from the host to the VM.
An attacker can exploit CVE-2022-20780 by escaping from the guest VM to the host machine, injecting commands at the root level, or leaking system data from the host to the VM.
Yes, Cisco has released patches to address the vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS). It is recommended to update to version 4.7.2 or later.
You can find more information about CVE-2022-20780 on the Cisco Security Advisory page and the Orange Cyberdefense security research page.