CVE-2022-20821

Warning

EPSS 13.18%
Published 26.05.2022 14:15:08
Last modified 24.02.2025 15:24:27
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.

Affected products Warnungen 1 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Xr Version-

   Cisco ≫ 8201 Version-
   Cisco ≫ 8202 Version-
   Cisco ≫ 8208 Version-
   Cisco ≫ 8212 Version-
   Cisco ≫ 8218 Version-
   Cisco ≫ Ncs-55a1-24h Version-
   Cisco ≫ Ncs-55a1-24q6h-s Version-
   Cisco ≫ Ncs-55a1-36h-s Version-
   Cisco ≫ Ncs-55a1-36h-se Version-
   Cisco ≫ Ncs-55a1-36h-se-s Version-
   Cisco ≫ Ncs-55a2-mod-hd-s Version-
   Cisco ≫ Ncs-55a2-mod-hx-s Version-
   Cisco ≫ Ncs-55a2-mod-s Version-
   Cisco ≫ Ncs-55a2-mod-se-h-s Version-
   Cisco ≫ Ncs-55a2-mod-se-s Version-
   Cisco ≫ Ncs 1001 Version-
   Cisco ≫ Ncs 1002 Version-
   Cisco ≫ Ncs 1004 Version-
   Cisco ≫ Ncs 5001 Version-
   Cisco ≫ Ncs 5002 Version-
   Cisco ≫ Ncs 5501-se Version-
   Cisco ≫ Ncs 5502-se Version-
   Cisco ≫ Ncs 5504 Version-
   Cisco ≫ Ncs 5508 Version-
   Cisco ≫ Ncs 5516 Version-
   Cisco ≫ Ncs 55a1 Version-
   Cisco ≫ Ncs 55a2 Version-

23.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco IOS XR Open Port Vulnerability

Vulnerability

Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.18%	0.938

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
psirt@cisco.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-20821

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-20821

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-20821

EUVD