CVE-2022-20780

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:43

Type Values Removed Values Added
References () https://github.com/orangecertcc/security-research/security/advisories/GHSA-hrpq-384f-vrpg - Exploit, Third Party Advisory () https://github.com/orangecertcc/security-research/security/advisories/GHSA-hrpq-384f-vrpg - Exploit, Third Party Advisory
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9 - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9 - Vendor Advisory
CVSS v2 : 4.3
v3 : 7.4
v2 : 4.3
v3 : 9.9

Information

Published : 2022-05-04 17:15

Updated : 2024-11-21 06:43


NVD link : CVE-2022-20780

Mitre link : CVE-2022-20780

CVE.ORG link : CVE-2022-20780


JSON object : View

Products Affected

cisco

  • enterprise_nfv_infrastructure_software
CWE
CWE-284

Improper Access Control

CWE-611

Improper Restriction of XML External Entity Reference