CVE-2022-20777 | Multiple vulnerabilities in Cisco Enterprise NFV Infrastruct… | CVSS 9.9 CRITICAL

Description

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

Metadata

CVE ID: CVE-2022-20777
State: PUBLISHED
Assigner: cisco
Reserved: 2021-11-02 00:00 UTC
Published: 2022-05-04 17:05 UTC
Last updated: 2024-11-06 16:16 UTC
Primary CWE: CWE-284
CWE-284
Vendor / Product: Cisco / Cisco Enterprise NFV Infrastructure Software
Sources: cve.org · NVD

Severity & Metrics

9.9 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Cisco	Cisco Enterprise NFV Infrastructure Software	—	n/a

Weakness (CWE)

CWE	Source	Description
CWE-284	cna	CWE-284

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.9	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References (2)

20220504 Cisco Enterprise NFV Infrastructure Software Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
https://github.com/orangecertcc/security-research/security/advisories/GHSA-v56f-9gq3-rx3g