Cisco has addressed several security flaws found in the Enterprise NFV Infrastructure Software (NFVIS), a solution that helps virtualize network services for easier management of virtual network functions (VNFs).
Two of them, rated critical and high severity, can be exploited by attackers to run commands with root privileges or to escape the guest virtual machine (VM) and fully compromise NFVIS hosts.
Cisco’s Product Security Incident Response Team (PSIRT) says there is no proof-of-concept exploit code and no ongoing exploitation in the wild.
Root access to NFVIS hosts
One of them, a critical guest escape tracked as CVE-2022-20777, was found in Cisco Enterprise NFVIS’ Next Generation Input/Output (NGIO) feature.
CVE-2022-20777 is caused by insufficient guest restrictions and allows authenticated attackers to escape the guest VM and gain root-level access to the host in low complexity attacks without requiring user interaction.
“An attacker could exploit this vulnerability by sending an API call from a VM that will execute with root-level privileges on the NFVIS host. A successful exploit could allow the attacker compromise the NFVIS host completely,” Cisco explained.
The second (tracked as CVE-2022-20779) is a high severity command injection vulnerability in the image registration process of Cisco Enterprise NFVIS due to improper input validation.
Unauthenticated attackers can exploit it remotely to inject commands that execute with root privileges on the host during the image registration process in low-complexity attacks that require interaction.
“An attacker could exploit this vulnerability by persuading an administrator on the host machine to install a VM image with crafted metadata that will execute commands with root-level privileges during the VM registration process,” Cisco added.
“A successful exploit could allow the attacker to inject commands with root-level privileges into the NFVIS host.”
The company has released security updates to fix these flaws and said that there are no workarounds to address the vulnerabilities.
|Cisco Enterprise NFVIS Release||First Fixed Release|
|Earlier than 4.0||Migrate to a fixed release.|
Last month, Cisco also fixed a bug in the Cisco Umbrella Virtual Appliance (VA) that let unauthenticated attackers steal admin credentials remotely.
One week before, the company asked customers to apply security updates to patch a maximum severity vulnerability in the Wireless LAN Controller (WLC) software that enabled hackers to craft their own login credentials.