Published on: Not Yet Published
Last Modified on: 03/16/2023 01:22:00 PM UTC
CVE-2022-20929 - advisory for cisco-sa-NFVIS-ISV-BQrvEv2hSource: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Enterprise Nfv Infrastructure Software from Cisco contain the following vulnerability:
A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system.
- CVE-2022-20929 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
CVSS3 Score: 7.8 - HIGH
|Cisco Enterprise NFV Infrastructure Software Improper Signature Verification Vulnerability|| sec.cloudapps.cisco.com |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
|Application||Cisco||Enterprise Nfv Infrastructure Software||All||All||All||All|
No vendor comments have been submitted for this CVE
|@MachinaRecord||⚠️新たなマルウェアMaggie：250台超のMicrosoft SQLサーバーが既に感染 ?電気通信事業者Telstraでデータ侵害、従業員情報漏洩の恐れ ?Ciscoの複数製品に脆弱性（CVE-2022-20929、CVE… twitter.com/i/web/status/1…||2022-10-06 07:46:11|
|@autumn_good_35||『allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload.』 CVE-2022-20929 Cisco… twitter.com/i/web/status/1…||2022-10-06 13:46:16|