Multiple vulnerabilities have been discovered in Cisco’s Enterprise NFV Infrastructure Software (NFVIS). The worst of the vulnerabilities could let an attacker escape from the guest virtual machine (VM) to the host machine, Cisco disclosed. The other two problems involve letting a bad actor inject commands that execute at the root level and allowing a remote attacker to leak system data from the host to the VM.
NFVIS is Linux-based infrastructure software designed to help enterprises and service providers deploy virtualized network functions, such as a virtual router, firewall and WAN acceleration, Cisco stated.
Source:: Network World – Data Center