CVE-2022-20779

Cisco Enterprise NFV Infrastructure Software Vulnerabilities

CVSS 9.9 CRITICALEPSS 10.2%CWE-284

Vexday Risk Score

33Atención

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.9EPSS 10.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

04 may 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Productos afectados

Cisco · Cisco Enterprise NFV Infrastructure Software

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/orangecertcc/security-research/security/advisories/GHSA-77vw-2pmg-q492 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9