Cisco warns of critical vulnerability in virtualized network software

Several vulnerabilities have been discovered in Cisco’s Enterprise NFV Infrastructure Software (NFVIS). The worst of the vulnerabilities could allow an attacker to escape from the guest virtual machine (VM) to the host machine, Cisco has revealed. The other two issues involve letting a malicious actor inject commands that run at the root level and allowing a remote attacker to leak system data from the host to the virtual machine.

NFVIS is Linux-based infrastructure software designed to help enterprises and service providers deploy virtualized network functions, such as a virtual router, firewall and WAN acceleration, Cisco said.

The critical vulnerability – with a CVSS score of 9.9 out of 10 – could allow an attacker to send an API call from a virtual machine that will run with root-level privileges on the NFVIS host. A successful exploit could allow the attacker to completely compromise an NFVIS host. Cisco said the vulnerability is due to insufficient guest restrictions.

Another exposure in the NFVIS image save process could allow an unauthenticated remote attacker to inject commands that could then run at the root level on the NFVIS host during the image save process. An attacker could exploit the weakness by convincing an administrator on the host machine to install a virtual machine image with specially crafted metadata that will run commands with root-level privileges during the virtual machine registration process, Cisco said. A successful exploit could allow the attacker to inject commands with root-level privileges into the NFVIS host. The vulnerability is caused by improper input validation, Cisco said.

The third NFVIS advisory concerns the software import feature that could allow an unauthenticated remote attacker to leak host system data to any configured virtual machine. An attacker could exploit this vulnerability by tricking an administrator into importing a specially crafted file that will read host data and write it to any configured virtual machine. A successful exploit could allow the attacker to access host system information, such as files containing user data, on any configured virtual machine, Cisco said. An attacker who already has authenticated access to a virtual machine configured in the NFVIS host could gain direct access to sensitive system information, Cisco said.

The vulnerability is due to external entity resolution in the XML parser, Cisco added.
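The article does not describe the NFVIS parser, so the following is an added example, not Cisco's code: one way an import routine can refuse any DTD or entity declaration before an external entity is ever resolved. The function name, the sample documents and the placeholder file path are constructed for illustration.

```python
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Raised when an import file declares a DTD or entity, or is malformed."""


def check_import_xml(data: bytes) -> list:
    """Parse `data` with DTDs and entities refused; return element names seen."""
    names = []
    parser = xml.parsers.expat.ParserCreate()

    # Exceptions raised inside expat handlers abort the parse and propagate.
    def refuse_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE declaration refused: {name!r}")

    def refuse_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML(f"entity declaration refused: {name!r}")

    def refuse_external(context, base, sysid, pubid):
        raise UnsafeXML(f"external entity reference refused: {sysid!r}")

    parser.StartDoctypeDeclHandler = refuse_doctype
    parser.EntityDeclHandler = refuse_entity
    parser.ExternalEntityRefHandler = refuse_external
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    return names


# Constructed sample inputs (not taken from any advisory).
BENIGN = b'<?xml version="1.0"?><import><image name="router"/></import>'
WITH_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE import [<!ENTITY host SYSTEM "file:///placeholder/host-file">]>'
    b"<import><note>&host;</note></import>"
)

if __name__ == "__main__":
    print(check_import_xml(BENIGN))
    try:
        check_import_xml(WITH_ENTITY)
    except UnsafeXML as err:
        print("rejected:", err)
```

Rejecting the DOCTYPE outright is stricter than disabling external entity loading alone, and it suits import formats that have no legitimate need for a DTD.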

Cisco has released free software updates that fix these vulnerabilities and said there is no workaround.

Copyright © 2022 IDG Communications, Inc.