VM escape and root access bugs fixed in Cisco NFV infrastructure software

Cisco has patched three unrelated CVEs that let attackers escape from guest virtual machines, run commands as root, and leak system data.


Cisco has released patches for a trio of bugs that hit its Enterprise NFV Infrastructure Software, and could result in escaping from virtual machines, running commands as root, and leaking system data.

Leading the way with a CVSS score of 9.9 is CVE-2022-20777, a bug in the next generation input/output feature that allowed an authenticated remote attacker to escape the guest VM and run commands as root on the host machine via an API call. Cisco points out that such access could compromise the host completely.

For unauthenticated remote attackers, CVE-2022-20779, with a CVSS score of 8.8, allows root commands to be run if an administrator can be convinced to install a VM image with crafted metadata that executes the commands when the VM is registered.

Rounding out the trio is CVE-2022-20780, with a CVSS score of 7.4, a vulnerability in an XML parser that could leak system data.

"An attacker could exploit this vulnerability by persuading an administrator to import a crafted file that will read data from the host and write it to any configured VM," Cisco said.

"A successful exploit could allow the attacker to access system information from the host, such as files containing user data, on any configured VM."

Cisco has been under the pump on the security front in the past month, with 64 vulnerabilities either appearing or being updated since April 13.

Of that number, a vulnerability in the Cisco Wireless LAN Controller scored a perfect CVSS score of 10 due to an attacker being able to bypass password validation.

"An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials," the company said.

"A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials."

To be vulnerable, devices needed to have the MAC filter RADIUS compatibility option set to Other.

At the same time, Cisco said it had conducted tests with customers on predictive models related to network issues.

"Cisco predictive networks work by gathering data from a myriad of telemetry sources. Once integrated, it learns the patterns using a variety of models and begins to predict user experience issues, providing problem solving options," the company said.

"Customers can decide how far and wide they want to connect the engine throughout the network, giving them flexible options to expand as they need."
