Cisco warns of critical vulnerability in virtualized network software
Multiple vulnerabilities have been discovered in Cisco's Enterprise NFV Infrastructure Software (NFVIS). The worst of the vulnerabilities could let an attacker escape from the guest virtual machine (VM) to the host machine, Cisco disclosed. The other two problems involve letting a bad actor inject commands that execute at the root level and allowing a remote attacker to leak system data from the host to the VM.
NFVIS is Linux-based infrastructure software designed to help enterprises and service providers to deploy virtualized network functions, such as a virtual router, firewall and WAN acceleration, Cisco stated.