Cisco Fixes NFVIS Bugs that Help Gain Root and Hijack Hosts
Cisco has addressed several security flaws found in the Enterprise NFV Infrastructure Software (NFVIS), a solution that helps virtualize network services for easier management of virtual network functions (VNFs).
Two of them, rated critical and high severity, can be exploited by attackers to run commands with root privileges or to escape the guest virtual machine (VM) and fully compromise NFVIS hosts.
Cisco’s Product Security Incident Response Team (PSIRT) says there is no proof-of-concept exploit code and no ongoing exploitation in the wild.
Also Read: Employment Application Template: What Information Required
Since attackers could exploit these vulnerabilities to take control of impacted systems, CISA also issued an alert on Thursday asking admins to review Cisco’s advisory and apply security updates.
Root access to NFVIS hosts
One of the security flaws, a critical guest escape tracked as CVE-2022-20777, was found in Cisco Enterprise NFVIS’ Next Generation Input/Output (NGIO) feature.
CVE-2022-20777 is caused by insufficient guest restrictions and allows authenticated attackers to escape the guest VM and gain root-level access to the host in low complexity attacks without requiring user interaction.
“An attacker could exploit this vulnerability by sending an API call from a VM that will execute with root-level privileges on the NFVIS host. A successful exploit could allow the attacker compromise the NFVIS host completely,” Cisco explained.
A second one (tracked as CVE-2022-20779) is a high severity command injection vulnerability in the image registration process of Cisco Enterprise NFVIS due to improper input validation.
Also Read: Data Protection Trustmark Certification: Business Advantage
Unauthenticated attackers can exploit it remotely to inject commands that execute with root privileges on the host during the image registration process in low-complexity attacks that require interaction.
“An attacker could exploit this vulnerability by persuading an administrator on the host machine to install a VM image with crafted metadata that will execute commands with root-level privileges during the VM registration process,” Cisco added.
“A successful exploit could allow the attacker to inject commands with root-level privileges into the NFVIS host.”
The company has released security updates to fix these flaws and said that there are no workarounds to address the vulnerabilities.
|Cisco Enterprise NFVIS Release||First Fixed Release|
|Earlier than 4.0||Migrate to a fixed release.|
Last month, Cisco also fixed a bug in the Cisco Umbrella Virtual Appliance (VA) that let unauthenticated attackers steal admin credentials remotely.
One week before, the company asked customers to apply security updates to patch a maximum severity vulnerability in the Wireless LAN Controller (WLC) software that enabled hackers to craft their own login credentials.
Update: Added CISA alert info.