Cisco IOS XR Security Restriction Bypass Vulnerability
Release Date: 23 May 2022
RISK: High Risk
TYPE: Operating Systems - Networks OS
A vulnerability was identified in Cisco IOS XR. An attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.
Note:
CVE-2022-20821 is being exploited in the wild.
The vulnerability is related to the Cisco IOS XR health check RPM opens TCP port 6379 by default. The vulnerability can exploit the opening port that allows unauthorized access to the Redis instance running within the NOSi container.
Impact
- Security Restriction Bypass
System / Technologies affected
- Cisco IOS XR Version 7.3.3
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
沒有留言:
發佈留言