Cisco Releases Critical Security Update for Enterprise NFV Infrastructure Software Vulnerabilities

Scheduled update addresses one critical and two high impact vulnerabilities

Threat ID:: CC-4088
Threat Severity:: Information only
Published:: 6 May 2022 2:45 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled update addresses one critical and two high impact vulnerabilities

Affected platforms

The following platforms are known to be affected:

Versions: All 4.0 prior to 4.7.1, All earlier than 4.0

Cisco Enterprise NFV Infrastructure Software (NFVIS)

Threat details

Introduction

Cisco has released a security update to address one critical and two high impact vulnerabilities in Cisco Enterprise NFV Infrastructure Software.

These vulnerabilities could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. A remote, unauthenticated attacker could exploit some of these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review Cisco Security Advisories and cisco-sa-NFVIS-MUL-7DySRX9, and apply the necessary updates.

Definitive source of threat updates

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9

CVE Vulnerabilities

Status Published

CVE-2022-20777

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

Status Published

CVE-2022-20779

Status Published

CVE-2022-20780

Last edited: 6 May 2022 3:05 pm