• Home
  • |
  • Blog
  • |
  • How To Fix CVE-2022-20777- A Critical Guest Escape Vulnerability In Cisco NFVIS
How to Fix CVE-2022-20777- A Critical Guest Escape Vulnerability in Cisco NFVIS

The network appliances manufacturer giant Cisco published an advisory on 4th May in which Cisco detailed about three new vulnerabilities in Cisco Enterprise NFV Infrastructure Software. The vulnerabilities are tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780 are one critical and two high severity vulnerabilities with a CVSS score of 9.9, 8.8, and 7.4 out of 10. “These flaws allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM”. Since these flaws allow the attacker to gain unauthorized root-levelaccess on the NFVIS host. It is considered critical and should fix it as soon as possible. Let’s see how to fix CVE-2022-20777, a critical guest escape vulnerability in Cisco NFVIS.

About Cisco Enterprise NFV Infrastructure Software:

Cisco NFVIS is a network virtualization solution that helps enterprises manage their networks more efficiently and effectively. Designed to seamlessly integrate with Cisco’s other networking solutions, Cisco NFVIS allows businesses to quickly provision and streamline new applications and services for their users.

With Cisco NFVIS, companies can easily create network slices that are customized to each individual user or group of users. This gives businesses greater control over the resources they allocate to different departments or lines of business, allowing them to achieve greater operational efficiency and agility. Additionally, Cisco NFVIS provides comprehensive integration with Cisco UCS Director for simplified management of compute resources as well as Cisco CloudCenter for seamless deployment of cloud-based workloads.

If you’re looking for a powerful network virtualization solution that can help your business overcome the challenges of today’s complex networks, Cisco NFVIS is the right choice. Contact Cisco today to learn more about Cisco NFVIS and how it can benefit your organization.

List Of Vulnerabilities Published In The Advisory:

  1. CVE-2022-20777: A Guest Escape Vulnerability in Cisco Enterprise NFVIS
  2. CVE-2022-20779: A Command Injection Vulnerability in Cisco Enterprise NFVIS
  3. CVE-2022-20780: A XML External Entity Injection Vulnerability in Cisco Enterprise NFVIS

Summary Of CVE-2022-20777:

This is a guest escape vulnerability in Next Generation Input/Output (NGIO) feature Cisco NFVIS. This flaw is due to insufficient guest restrictions in Cisco NFVIS. This vulnerability allow an authenticated, remote attacker to escape from the guest VM to gain unauthorized root-levelaccess on the NFVIS host by sending an API call from a VM.

Associated CVE IDCVE-2022-20777
DescriptionA Guest Escape Vulnerability in Cisco Enterprise NFVIS
Associated ZDI ID
CVSS Score9.9 Critical
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PR)Low
User Interaction (UI)None
ScopeChanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

Summary Of CVE-2022-20779:

This is a Command Injection Vulnerability in Cisco Enterprise NFVIS.  This vulnerability is due to improper input validation in the image registration process of Cisco Enterprise NFVIS. This flaw allows an unauthenticated, remote attacker to inject commands that execute at the root level on the NFVIS host during the image registration process by persuading an administrator on the host machine to install a VM image with crafted metadata that will execute commands with root-level privileges during the VM registration process.

Associated CVE IDCVE-2022-20779
DescriptionA Command Injection Vulnerability in Cisco Enterprise NFVIS
Associated ZDI ID
CVSS Score8.8 High
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PR)Low
User Interaction (UI)None
ScopeChanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

Summary Of CVE-2022-20780:

This is a XML External Entity Injection Vulnerability in Cisco Enterprise NFVIS. This flaw is due to the resolution of external entities in the XML parser in the import function of Cisco Enterprise NFVIS. The flaw allows an unauthenticated, remote attacker to leak system data from the host to the VM. This vulnerability allows attackers to access system information such as files containing user data from the host on the VM by persuading an administrator to import a crafted file that will read data from the host and write it to the VM.

Associated CVE IDCVE-2022-20780
DescriptionA XML External Entity Injection Vulnerability in Cisco Enterprise NFVIS
Associated ZDI ID
CVSS ScoreHigh
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PR)Low
User Interaction (UI)None
ScopeChanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

Products Vulnerable To These Flaws:

Cisco says in its advisory that Cisco NFVIS versions earlier than v4.0 are vulnerable to these flaws. For a note, default configuration on Cisco NFVIS are prone to these vulnerabilities. We recommend to fix these vulnerabilities specially the critical severity flaw that is CVE-2022-20777, Guest Escape Vulnerability in Cisco Enterprise NFVIS at the earliest.

How To Fix CVE-2022-20777- A Critical Guest Escape Vulnerability In Cisco NFVIS?

There are no interdependencies among the flaws. Exploitation of one vulnerability does not require the exploitation of another vulnerability. Furthermore, a software upgrade that is impacted by one of the vulnerabilities may not be affected by any others.

Cisco has released free software updates by releasing the fixed version that is v4.7.1. We recommend to upgrade to any version greater then equal to v4.7.1.

Please refer this PDF to see how to upgrade Cisco NFVIS to the latest version.

We hope this post will help youhow to fix CVE-2022-20777, a critical guest escape vulnerability in Cisco NFVIS. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.