Cisco Patches Critical VM Escape in NFV Infrastructure Software


Cisco released fixes for Enterprise Network Function Virtualization Infrastructure Software (NFVIS) on Wednesday, including a significant flaw that allows attackers to escape from a guest virtual machine (VM).

The problem, according to the IT giant, is due to insufficient guest restrictions. An authenticated attacker might issue an API call from a VM and have it performed with root-level privileges on the NFVIS host, resulting in full host compromise.

Read More…