
Cisco fixes NFVIS bugs that help gain root and hijack hosts
2022-05-04 19:58

Two of the NFVIS flaws Cisco patched, rated critical and high severity, can be exploited by attackers to run commands with root privileges or to escape the guest virtual machine and fully compromise NFVIS hosts.

CVE-2022-20777 is caused by insufficient guest restrictions and allows authenticated attackers to escape the guest VM and gain root-level access to the host in low-complexity attacks that require no user interaction.

"An attacker could exploit this vulnerability by sending an API call from a VM that will execute with root-level privileges on the NFVIS host. A successful exploit could allow the attacker to compromise the NFVIS host completely," Cisco explained.

The second flaw is a high-severity command injection vulnerability in the image registration process of Cisco Enterprise NFVIS, caused by improper input validation.

Unauthenticated attackers can exploit it remotely to inject commands that execute with root privileges on the host during the image registration process, in low-complexity attacks that require interaction.

Last month, Cisco also fixed a bug in the Cisco Umbrella Virtual Appliance that let unauthenticated attackers steal admin credentials remotely.

News URL

https://www.bleepingcomputer.com/news/security/cisco-fixes-nfvis-bugs-that-help-gain-root-and-hijack-hosts/

Related Vulnerability

Date: 2022-05-04
CVE: CVE-2022-20777
Vulnerability title: Unspecified vulnerability in Cisco Enterprise NFV Infrastructure Software
Description: Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM.
Attack vector: network
Attack complexity: low complexity
Vendor: cisco
Risk: critical (CVSS 9.9)

Related vendor

Vendor: Cisco
Vulnerabilities in the last 12 months: 4442
Number of products: 231
Low severity: 3052
Medium severity: 1816
High severity: 604
Critical severity: 5703 (total vulnerabilities as listed)