VM escape and root access bugs fixed in Cisco NFV infrastructure software

Written by Chris Duckett, APAC Editor

Cisco has released patches for a trio of bugs that hit its Enterprise NFV Infrastructure Software, and could result in escaping from virtual machines, running commands as root, and leaking system data.

Leading the way with a CVSS score of 9.9 is CVE-2022-20777, which relates to a bug in the next generation input/output feature that allowed an authenticated remote attacker to jump out of the guest VM and run commands as root on the host machine via an API call. Cisco obviously points out that such access could compromise the host completely.

For unauthenticated remote attackers, CVE-2022-20779, with a CVSS score of 8.8, allows root commands to be run if an administrator can be convinced to install a VM image with crafted metadata that will

Read More: https://www.zdnet.com/article/vm-escape-and-root-access-bugs-fixed-in-cisco-nfv-infrastructure-software/#ftag=RSSbaffb68