Cisco released Friday fixes to a vulnerability of medium severity affecting IOS XR Software. It said that the vulnerability has been used in real-world attacks.
Tracked as CVE-2022-20821 (CVSS score: 6. 5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution.
“A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database,” Cisco said in an advisory.
“Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system. “
The flaw was discovered during resolution of a case at the technical assistance center (TAC). It affects Cisco 8000 Series routers that run IOS XR Software with the Health Check RPM active and installed.
The networking equipment manufacturer also warned that the zero-day bug was being exploited earlier in the month. “Cisco strongly recommends that customers apply suitable workarounds or upgrade to a fixed software release to remediate this vulnerability,” it added.