Cisco Fixes Critical VM Escape in NFV Infrastructure Software

4
Cisco Fixes Critical VM Escape in NFV Infrastructure Software

Cisco has released fixes for Enterprise Network Function Virtualization Infrastructure Software (NFVIS), which include a significant flaw that allows attackers to escape from a guest virtual machine (VM). 

The significant vulnerability, identified as CVE-2022-20777 (CVSS 9.9), affects Enterprise NFVIS’s Next Generation Input/Output (NGIO) capability. The problem, according to the IT giant, is insufficient guest restrictions. An authenticated attacker might issue an API call from a VM and have it performed with root-level privileges on the NFVIS host, resulting in full host compromise. 

Attackers may use two high-severity vulnerabilities in NFVIS, according to Cisco’s alert, to inject instructions or leak system data.

Read More: https://www.securityweek.com/cisco-patches-critical-vm-escape-nfv-infrastructure-software

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.