CVE-2022-20821 — Cisco IOS XR Open Port Vulnerability
2022-05-23 • CISA Known Exploited Vulnerability
[event] Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Cisco |
| Product | IOS XR |
| CWE | CWE-923 |
| CVE ID | CVE-2022-20821 |
| Date Added | 2022-05-23 |
| Due Date | 2022-06-13 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-06-13