ID

VAR-202205-0174


CVE

CVE-2022-20779


TITLE

Input validation vulnerability in Cisco Enterprise NFV Infrastructure Software

Trust: 0.8

sources: JVNDB: JVNDB-2022-010080

DESCRIPTION

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Enterprise NFV Infrastructure Software (NFVIS) contains an input validation vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.8

sources: NVD: CVE-2022-20779 // JVNDB: JVNDB-2022-010080 // VULHUB: VHN-405332 // VULMON: CVE-2022-20779

AFFECTED PRODUCTS

vendor: cisco, model: enterprise nfv infrastructure software, scope: lt, version: 4.7.1

Trust: 1.0

vendor: Cisco Systems, model: cisco enterprise nfv infrastructure software, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco enterprise nfv infrastructure software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-010080 // NVD: CVE-2022-20779

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20779
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20779
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20779
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202205-2132
value: HIGH

Trust: 0.6

VULHUB: VHN-405332
value: HIGH

Trust: 0.1

VULMON: CVE-2022-20779
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20779
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405332
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20779
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20779
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20779
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405332 // VULMON: CVE-2022-20779 // JVNDB: JVNDB-2022-010080 // CNNVD: CNNVD-202205-2132 // NVD: CVE-2022-20779 // NVD: CVE-2022-20779

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

problemtype: CWE-284

Trust: 1.0

problemtype: Improper Input Validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405332 // JVNDB: JVNDB-2022-010080 // NVD: CVE-2022-20779

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2132

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-2132

PATCH

title: cisco-sa-NFVIS-MUL-7DySRX9, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9

Trust: 0.8

title: Fix for the Cisco Enterprise NFV Infrastructure Software input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192433

Trust: 0.6

title: Cisco: Cisco Enterprise NFV Infrastructure Software Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-NFVIS-MUL-7DySRX9

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

title: The Register, url: https://www.theregister.co.uk/2022/05/06/cisco-f5-networking-vulnerabilities/

Trust: 0.1

sources: VULMON: CVE-2022-20779 // JVNDB: JVNDB-2022-010080 // CNNVD: CNNVD-202205-2132

EXTERNAL IDS

db: NVD, id: CVE-2022-20779

Trust: 3.4

db: JVNDB, id: JVNDB-2022-010080

Trust: 0.8

db: CS-HELP, id: SB2022050512

Trust: 0.6

db: CNNVD, id: CNNVD-202205-2132

Trust: 0.6

db: VULHUB, id: VHN-405332

Trust: 0.1

db: VULMON, id: CVE-2022-20779

Trust: 0.1

sources: VULHUB: VHN-405332 // VULMON: CVE-2022-20779 // JVNDB: JVNDB-2022-010080 // CNNVD: CNNVD-202205-2132 // NVD: CVE-2022-20779

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-nfvis-mul-7dysrx9

Trust: 1.9

url: https://github.com/orangecertcc/security-research/security/advisories/ghsa-77vw-2pmg-q492

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2022-20779

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-20779/

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2022050512

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://www.theregister.co.uk/2022/05/06/cisco-f5-networking-vulnerabilities/

Trust: 0.1

url: https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405332 // VULMON: CVE-2022-20779 // JVNDB: JVNDB-2022-010080 // CNNVD: CNNVD-202205-2132 // NVD: CVE-2022-20779

SOURCES

db: VULHUB, id: VHN-405332
db: VULMON, id: CVE-2022-20779
db: JVNDB, id: JVNDB-2022-010080
db: CNNVD, id: CNNVD-202205-2132
db: NVD, id: CVE-2022-20779

LAST UPDATE DATE

2024-08-14T14:43:55.682000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405332, date: 2022-05-11T00:00:00
db: VULMON, id: CVE-2022-20779, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2022-010080, date: 2023-08-10T06:30:00
db: CNNVD, id: CNNVD-202205-2132, date: 2022-05-12T00:00:00
db: NVD, id: CVE-2022-20779, date: 2023-11-07T03:42:55.603

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405332, date: 2022-05-04T00:00:00
db: VULMON, id: CVE-2022-20779, date: 2022-05-04T00:00:00
db: JVNDB, id: JVNDB-2022-010080, date: 2023-08-10T00:00:00
db: CNNVD, id: CNNVD-202205-2132, date: 2022-05-04T00:00:00
db: NVD, id: CVE-2022-20779, date: 2022-05-04T17:15:08.557