Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-20821
HistoryMay 26, 2022 - 2:15 p.m.

CVE-2022-20821

2022-05-2614:15:00
CWE-200
[email protected]
web.nvd.nist.gov
924
In Wild
6
cisco
ios xr software
vulnerability
unauthenticated access
redis
nosi container
cve-2022-20821

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

72.5%

JSON

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.

CPENameOperatorVersion
cisco:ios_xrcisco ios xreq-

Social References

More

Related

prion 1
attackerkb 1
cisa_kev 1
cisco 1
thn 1
cvelist 1
nessus 1
prion
prion
Design/Logic Flaw
2022-05-26 14:15:00
attackerkb
attackerkb
CVE-2022-20821
2022-05-20 00:00:00
cisa_kev
cisa_kev
Cisco IOS XR Open Port Vulnerability
2022-05-23 00:00:00
cisco
cisco
Cisco IOS XR Software Health Check Open Port Vulnerability
2022-05-20 16:00:00
thn
thn
Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild
2022-05-21 03:57:00
cvelist
cvelist
CVE-2022-20821 Cisco IOS XR Software Health Check Open Port Vulnerability
2022-05-20 00:00:00
nessus
nessus
Cisco IOS XR Software Health Check Open Port (cisco-sa-iosxr-redis-ABJyE5xK)
2022-05-26 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

72.5%

JSON
Related for CVE-2022-20821
prion1attackerkb1cisa_kev1cisco1thn1cvelist1nessus1