Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an malicious user to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco enterprise nfv infrastructure software |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources BIG-IP iControl authentication bypass, NFV VM escape, and more
F5 Networks and Cisco this week issued warnings about serious, and in some cases critical, security vulnerabilities in their products. F5 officials said Thursday its most serious issue, a critical flaw in its iControl REST framework with a severity score of 9.8 out of 10, could be exploited to bypass the authentication software, used by its BIG-IP portfolio, and hijack equipment. Specifically, the vulnerability, tracked as CVE-2022-1388, can be abused by miscreants to, among other things, run ma...