#VU63500 Improper access control in Cisco IOS XR - CVE-2022-20821
Published: May 21, 2022
Vulnerability identifier: #VU63500
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2022-20821
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Cisco IOS XR
Cisco IOS XR
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to unrestricted access to the Redis instance running within the NOSi container, accessible via port 6379/tcp (the health check RPM opens this port by default). A remote non-authenticated attacker can connect to the Redis instance and obtain sensitive information or modify it.
Note, the vulnerability is being actively exploited in the wild.
Remediation
Install updates from vendor's website.