Cisco patched three security vulnerabilities affecting its Enterprise NFV Infrastructure Software. The flaws could allow an attacker to obtain full control of the exposed hosts.
The vulnerabilities, tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, are not dependent on one another. In other words, exploiting one of them is not required to exploit another, the advisory said. Furthermore, a software release affected by one of the flaws may not be affected by the others.
CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780 in Detail
The vulnerabilities could enable a threat actor to escape from the guest virtual machine to the host machine, and then inject commands that execute at the root level. Another possible outcome of the attack is leaking system data from the host to the virtual machine.
The issues were discovered and reported by security researchers Cyrille Chatras, Pierre Denouel, and Loïc Restoux of Orange Group. Fortunately, updates have already been released in version 4.7.1 of Enterprise NFV Infrastructure Software. Note that only the default configuration of the software is impacted.
CVE-2022-20777 has a CVSS score of 9.9, making it a critical vulnerability. According to the advisory, the issue stems from insufficient guest restrictions that could allow an authenticated, remote attacker to escape from the guest virtual machine to gain unauthorized root-level access.
CVE-2022-20779 has a CVSS score of 8.8 out of 10. It has been described as an improper input validation issue that allows an unauthenticated, remote attacker to inject commands that execute at the root level on the host during the image registration process.
CVE-2022-20780 has a CVSS score of 7.4 and affects the import function of Cisco’s software. The flaw could allow an unauthenticated, remote attacker to access system information from the host on any configured virtual machine.
Did you know?
CVEs, or Common Vulnerabilities and Exposures, standardize the way disclosed vulnerabilities and exposures are identified, a process that is quite important to security administrators. Thanks to this standardization, they can access specific technical details about active threats through the CVE information sources.