The Cybersecurity Daily News

Cisco releases patches for three flaws plaguing NFVIS software


Cisco Systems has rolled out patches for three flaws affecting its Enterprise NFV Infrastructure Software (NFVIS). Attackers can use the flaws to compromise systems and take over control from users.

The flaws, labelled CVE-2022-20777, CVE-2022-20779 and CVE-2022-20780, “could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM,” the company said.

Cyrille Chatras, Pierre Denouel, and Loïc Restoux of Orange Group discovered and reported the flaws. Updates have been rolled out in version 4.7.1.

The networking equipment company said the flaws affect Cisco Enterprise NFVIS in the default configuration. Details of the three bugs are as follows –

Further, Cisco patched a severe flaw in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that could let an authenticated, but unprivileged, remote attacker raise privileges to level 15.

“This includes privilege level 15 access to the device using management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM),” the company noted in an advisory for CVE-2022-20759 (CVSS score: 8.8).

