Cisco resolved several vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS). No exploits by cybercriminals were observed so far.

Cisco Enterprise NFVIS provides various virtual network services for the management of virtual network functions (VNFs). The newly addressed vulnerabilities allowed hackers to completely compromise NFVIS hosts.

Two important vulnerabilities

Two vulnerabilities require particular attention due to their severity. The CVE-2022-20777 vulnerability is found in the Next Generation Input/Output (NGIO) feature. It’s caused by insufficient restrictions on guests. This allows authenticated attackers to escape from the guest vm environment and subsequently gain root access to the host with small attacks, without requiring any interaction from a user. In this way, the hackers can take over the entire NFVIS host.

The other major vulnerability found is CVE-2022-20779. This vulnerability allows code injection into the image registration process of Cisco Enterprise NFVIS, made possible by poor input validation.

Unauthenticated hackers can remotely exploit the vulnerability to inject commands that execute root privileges on the host. This takes place during the image registration process and requires small-scale attack interactions with affected end users.

Cisco resolved some vulnerabilities in its Cisco Enterprise NFV Infrastructure Software (NFVIS). There’s no evidence of the vulnerabilities being exploited in the wild.

Fixes released

Cisco states that all vulnerabilities found have been fully resolved with recent fixes. Customers with Cisco Enterprise NFVIS versions lower than version 4.0 are advised to upgrade to a newer release. Customers with version 4.0 can now upgrade to the latest patched version 4.7.1.

Tip: Cisco router vulnerabilities bring broad risks to SMB customers