Details of VAR-202205-0175

ID

VAR-202205-0175

CVE

CVE-2022-20777

TITLE

Cisco Enterprise NFV Infrastructure Software Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010079

DESCRIPTION

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Enterprise NFV Infrastructure Software (NFVIS) Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-20777 // JVNDB: JVNDB-2022-010079 // VULHUB: VHN-405330 // VULMON: CVE-2022-20777

AFFECTED PRODUCTS

vendor:	cisco	model:	enterprise nfv infrastructure software	scope:	lt	version:	4.7.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco enterprise nfv infrastructure software	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco enterprise nfv infrastructure software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-010079 // NVD: CVE-2022-20777

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20777
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20777
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-20777
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202205-2131
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-405330
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-20777
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-20777
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405330
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20777
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	6.0
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20777
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405330 // VULMON: CVE-2022-20777 // JVNDB: JVNDB-2022-010079 // CNNVD: CNNVD-202205-2131 // NVD: CVE-2022-20777 // NVD: CVE-2022-20777

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-405330 // JVNDB: JVNDB-2022-010079 // NVD: CVE-2022-20777

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2131

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2131

PATCH

title:	cisco-sa-NFVIS-MUL-7DySRX9	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9	Trust: 0.8
title:	Cisco Enterprise NFV Infrastructure Software Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=247266	Trust: 0.6
title:	Cisco: Cisco Enterprise NFV Infrastructure Software Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-NFVIS-MUL-7DySRX9	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2022/05/06/cisco-f5-networking-vulnerabilities/	Trust: 0.1

sources: VULMON: CVE-2022-20777 // JVNDB: JVNDB-2022-010079 // CNNVD: CNNVD-202205-2131

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20777	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-010079	Trust: 0.8
db:	CS-HELP	id:	SB2022050512	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-2131	Trust: 0.6
db:	VULHUB	id:	VHN-405330	Trust: 0.1
db:	VULMON	id:	CVE-2022-20777	Trust: 0.1

sources: VULHUB: VHN-405330 // VULMON: CVE-2022-20777 // JVNDB: JVNDB-2022-010079 // CNNVD: CNNVD-202205-2131 // NVD: CVE-2022-20777

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-nfvis-mul-7dysrx9	Trust: 1.9
url:	https://github.com/orangecertcc/security-research/security/advisories/ghsa-v56f-9gq3-rx3g	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20777	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20777/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022050512	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.theregister.co.uk/2022/05/06/cisco-f5-networking-vulnerabilities/	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405330 // VULMON: CVE-2022-20777 // JVNDB: JVNDB-2022-010079 // CNNVD: CNNVD-202205-2131 // NVD: CVE-2022-20777

SOURCES

db:	VULHUB	id:	VHN-405330
db:	VULMON	id:	CVE-2022-20777
db:	JVNDB	id:	JVNDB-2022-010079
db:	CNNVD	id:	CNNVD-202205-2131
db:	NVD	id:	CVE-2022-20777

LAST UPDATE DATE

2024-08-14T14:43:55.739000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405330	date:	2022-05-11T00:00:00
db:	VULMON	id:	CVE-2022-20777	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-010079	date:	2023-08-10T06:28:00
db:	CNNVD	id:	CNNVD-202205-2131	date:	2023-07-25T00:00:00
db:	NVD	id:	CVE-2022-20777	date:	2023-11-07T03:42:55.247

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405330	date:	2022-05-04T00:00:00
db:	VULMON	id:	CVE-2022-20777	date:	2022-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2022-010079	date:	2023-08-10T00:00:00
db:	CNNVD	id:	CNNVD-202205-2131	date:	2022-05-04T00:00:00
db:	NVD	id:	CVE-2022-20777	date:	2022-05-04T17:15:08.497