Cisco Releases Updates for 8000 Series Routers

Cisco PSIRT are aware of attempted exploitation of vulnerability known as CVE-2022-20821 in the wild

Threat ID:: CC-4099
Threat Severity:: Information only
Published:: 24 May 2022 1:46 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Cisco PSIRT are aware of attempted exploitation of vulnerability known as CVE-2022-20821 in the wild

Affected platforms

The following platforms are known to be affected:

Cisco 8000 Series Routers

Devices vulnerable only if they are running a vulnerable release of Cisco IOS XR Software and have the health check RPM installed and active.

Threat details

Introduction

Cisco has released a security update to address an open port vulnerability in Cisco 8000 Series Routers, which can be present if the devices were running a vulnerable release of Cisco IOS XR Software and had the health check Route Processor Module (RPM) installed and active. The vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container.

The Cisco Product Security Incident Response Team (PSIRT) is aware of attempted exploitation of this vulnerability in the wild.

Remediation advice

Affected organisations are encouraged to review the Cisco IOS XR Software Health Check Open Port Vulnerability advisory and apply the necessary updates or workarounds.

Definitive source of threat updates

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK

CVE Vulnerabilities

Status Reserved

CVE-2022-20821

Last edited: 24 May 2022 2:26 pm