Cisco released security updates to address a medium-severity vulnerability tracked as CVE-2022-20821 impacting IOS XR software.
The IOS XR Network OS is deployed on various Cisco router platforms, including NCS 540 & 560, NCS 5500, 8000 and ASR 9000 series routers.
The bug tracked as CVE-2022-20821 was uncovered during the resolution of a Cisco Technical Assistance Center (TAC) support case.
"This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port," Cisco explained.
"A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database."
Even if attackers exploit this vulnerability, they cannot execute code remotely or compromise the host system’s integrity because the Redis instance operates in a sandboxed container.
The flaw only impacts Cisco 8000 Series routers where the health check RPM is installed and active. In its advisory, Cisco advised customers to patch or apply workarounds on appliances running vulnerable software.
Below are the workarounds for customers who cannot immediately apply the security updates that address this vulnerability:
- Option 1: Disable the health check and remove the health check RPM from vulnerable devices.
- Option 2: Use an Infrastructure Access Control List (iACL) to block port 6379.
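After either workaround, TCP port 6379 should no longer be reachable on the router. The following check is an added example, not Cisco tooling or part of the advisory: it sends a Redis PING to each address in an inventory of routers you administer and reports any that still answer. The function names and the sample addresses (documentation range 192.0.2.0/24) are assumptions.

```python
import socket

REDIS_PORT = 6379  # port the advisory says the health check RPM opens
PING = b"*1\r\n$4\r\nPING\r\n"  # Redis PING in RESP wire format

def classify_reply(data: bytes) -> str:
    """Map the first bytes of a reply to PING onto an exposure state."""
    if data.startswith(b"+PONG"):
        return "redis-open"        # Redis answers without authentication
    if data.startswith((b"-NOAUTH", b"-DENIED", b"-ERR")):
        return "redis-restricted"  # Redis is reachable but refuses the command
    return "open-unknown"          # a listener exists, not identified as Redis

def probe(host: str, port: int = REDIS_PORT, timeout: float = 3.0) -> str:
    """Return closed, filtered, or a classify_reply() state for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"            # RST: nothing is listening
    except OSError:
        return "filtered"          # timeout or unreachable, e.g. dropped by an ACL
    with sock:
        try:
            sock.sendall(PING)
            data = sock.recv(64)
        except OSError:            # reset or read timeout after connecting
            data = b""
    return classify_reply(data)

def audit(hosts, port: int = REDIS_PORT, timeout: float = 3.0) -> dict:
    """Return {host: state} for every host where the port is still reachable."""
    states = {h: probe(h, port, timeout) for h in hosts}
    return {h: s for h, s in states.items() if s not in ("closed", "filtered")}

if __name__ == "__main__":
    # Constructed inventory: documentation addresses standing in for the
    # management IPs of routers you administer.
    inventory = ["192.0.2.10", "192.0.2.11"]
    exposed = audit(inventory)
    for host, state in exposed.items():
        print(f"{host}: port {REDIS_PORT} reachable ({state}), workaround not effective")
    if not exposed:
        print("no host answers on the Redis port")
```

Run it from a network position that the iACL is meant to block; a result from inside a permitted management range says nothing about what the ACL filters.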
The company reported that, in May 2022, the Cisco PSIRT became aware of the attempted exploitation of this vulnerability in the wild. Cisco strongly urges that customers apply suitable workarounds or upgrade to a fixed software release to remediate this vulnerability.