Several vulnerabilities have been identified in Cisco NFV Infrastructure Software (NFVIS). The worst of them could allow an attacker to escape from a guest virtual machine (VM) to the host machine, Cisco revealed. The other two could allow a bad actor to inject commands that run at the root level and allow a remote attacker to leak system data from the host to the VM.
NFVIS is Linux-based infrastructure software designed to help businesses and service providers deploy virtualized networking features such as a virtual router, firewall, and WAN acceleration, Cisco said.
The critical vulnerability – with a CVSS score of 9.9 out of 10 – could allow an attacker to send an API call from a virtual machine that will be executed with root privileges on the NFVIS host. A successful exploit may allow the attacker to completely compromise the NFVIS host. Cisco said the vulnerability was due to insufficient restrictions on guests.
Another exposure, in the NFVIS image registration process, may allow an unauthenticated, remote attacker to inject commands that are then executed at the root level on the NFVIS host during image registration. An attacker could exploit the weakness by persuading an administrator on the host machine to install a VM image with crafted metadata that will execute commands with root-level privileges during the VM registration process, Cisco said. A successful exploit may allow the attacker to inject commands with root privileges into the NFVIS host. This vulnerability is due to improper input validation, Cisco said.
The third vulnerability is in the NFVIS software import feature and could allow an unauthenticated, remote attacker to leak system data from the host to any configured virtual machine. An attacker could exploit this vulnerability by persuading an administrator to import a crafted file that would read host data and write it to any configured virtual machine. A successful exploit could allow an attacker to access system information from the host, such as user data files, on any configured virtual machine, Cisco said. An attacker who already has authenticated access to a virtual machine that is configured on the NFVIS host can gain direct access to confidential system information, Cisco said.
This vulnerability is due to the resolution of external entities in the XML parser, Cisco added.
Cisco has issued free software updates that address these vulnerabilities and says there are no workarounds.
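A pre-import check for the flaw class behind the third vulnerability (an XML parser that resolves external entities), as an added example that is not Cisco's code. The article does not describe the NFVIS import file format, so the element names and both sample documents below are constructed, and `find_external_entities` and `safe_to_import` are hypothetical helper names.

```python
from xml.parsers import expat

# Constructed samples; the real NFVIS import format is not given in the article.
CLEAN = b'<?xml version="1.0"?><package><name>router-vm</name></package>'
CRAFTED = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE package [<!ENTITY host SYSTEM "file:///etc/hostname">]>\n'
    b'<package><name>&host;</name></package>'
)


def find_external_entities(xml_bytes):
    """Return (kind, name, identifier) for every external reference declared
    in the document's DTD. Nothing is fetched or expanded: no external-entity
    handler is installed, so expat only reports the declarations."""
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE x SYSTEM "..."> pulls in an external DTD subset.
        if system_id or public_id:
            findings.append(("external-dtd", name, system_id or public_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a value; external ones carry a system/public id.
        if system_id or public_id:
            kind = "parameter-entity" if is_param else "general-entity"
            findings.append((kind, name, system_id or public_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        # A file that does not parse cleanly is not importable either.
        findings.append(("parse-error", None, str(exc)))
    return findings


def safe_to_import(xml_bytes):
    """Policy assumed here: reject any file that declares an external reference."""
    return not find_external_entities(xml_bytes)


if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("crafted", CRAFTED)):
        print(label, safe_to_import(doc), find_external_entities(doc))
```

A check like this only screens files before an administrator imports them; the fix for the parser itself is the software update Cisco released.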
Copyright © 2022 IDG Communications, Inc.