CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jun 13, 2022

CVE-2022-20821

High

EPSS 20.4%CISA KEV

Description

Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container.

EPSS — Exploit Probability

20.4%

Higher than 95.4% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2022-20821

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 20.4%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

May 23, 2022

Added to KEV

May 23, 2022

Remediation Due

Jun 13, 2022

Affected Product

Cisco

IOS XR

View all Cisco CVEs

External Links

NVD (NIST)CVE Details MITRE CVE