Insufficient upgrade signature verification in Cisco Enterprise NFV Infrastructure Software
CVE-2022-20929

7.8HIGH

Key Information:

Vendor: Cisco
Status: Cisco Enterprise Nfv Infrastructure Software
Vendor: CVE Published:; 10 March 2023

Badges

👾 Exploit Exists

Summary

A vulnerability exists in Cisco Enterprise NFV Infrastructure Software (NFVIS) related to the insufficient verification of upgrade file signatures. This security flaw could enable an unauthorized local attacker to present a non-authentic upgrade file for upload. If an administrator unknowingly accepts such a file, it could lead to a complete compromise of the NFVIS system, jeopardizing its integrity and security. Administrators are urged to review systems and apply any relevant security measures to mitigate exposure to this risk.

Affected Version(s)

Cisco Enterprise NFV Infrastructure Software 3.5.1

Cisco Enterprise NFV Infrastructure Software 3.5.2

Cisco Enterprise NFV Infrastructure Software 3.6.1

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Mar 10, 2023
Vulnerability Reserved
Nov 2, 2021