CVE-2022-20779

Cisco Enterprise NFV Infrastructure Software Vulnerabilities

CVSS 9.9 CRITICALEPSS 10.2%CWE-284

Vexday Risk Score

33Atenção

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.9EPSS 10.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

04 mai 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

Cisco · Cisco Enterprise NFV Infrastructure Software

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/orangecertcc/security-research/security/advisories/GHSA-77vw-2pmg-q492 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9