Cisco Systems released security fixes on Wednesday to address three vulnerabilities in its Enterprise NFV Infrastructure Software (NFVIS) that could allow an attacker to compromise the hosts and take complete control of them. The vulnerabilities, identified as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, “could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM,” said the company.
Orange Group’s Cyrille Chatras, Pierre Denouel, and Loïc Restoux are credited with detecting and reporting the problems. Version 4.7.1 has been updated with new features. According to the networking equipment maker, the weaknesses affect Cisco Enterprise NFVIS in its default configuration. The following are the specifics of the three bugs:
- CVE-2022-20777 (CVSS score of 9.9): Insufficient guest restrictions allow an authenticated, remote attacker to escape from the guest VM and gain unauthorized root-level access to the NFVIS host.
- CVE-2022-20779 (CVSS score of 8.8): A weakness in input validation allows an unauthenticated, remote attacker to inject commands that run at the root level on the NFVIS host through the image registration procedure.
- CVE-2022-20780 (CVSS score of 7.4): A vulnerability in the import function of Cisco Enterprise NFVIS could allow an unauthenticated, remote attacker to access system information from the host on any configured VM.
Cisco also recently patched a high-severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that could allow an authenticated but unprivileged remote attacker to elevate privileges to level 15.
“This includes privilege level 15 access to the device using management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM),” said the company in an advisory for CVE-2022-20759 (CVSS score of 8.8).
In addition, Cisco published a “field notice” this week advising customers of Catalyst 2960X/2960XR appliances to update to IOS Release 15.2(7)E4 or later to activate new security capabilities intended to “verify the authenticity and integrity of our solutions” and avoid breaches.