May 28, 2023

Cisco has released security patches to address a medium-severity vulnerability affecting IOS XR Software, tracked as CVE-2022-20821 with a CVSS score: 6.5, that threat actors are actively exploiting in attacks in the wild affecting Cisco 8000 routers

The flaw resides in the health check RPM of Cisco IOS XR Software, an unauthenticated, remote attacker could trigger the issue to access the Redis instance that is running within the NOSi container.

Advertisements

An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database.

Users can determine if the device is vulnerable, users can issue the run docker ps CLI command. The device is vulnerable if the output returns a docker container with the name NOSi like the following example:

Cisco IOS XR flaw

Below are the workarounds that address this vulnerability:

  • Option 1: This is the preferred method. Disable health check and explicitly disable the use cases.
  • Option 2: Use an Infrastructure Access Control List (iACLs) to block port 6379.
Tags:

Leave a Reply

You may have missed

Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
Buhti Ransomware Dissection

Buhti Ransomware Dissection

May 26, 2023
Volt Typhoon – Chinese Threat Actor Targetting US Infra

Volt Typhoon – Chinese Threat Actor Targetting US Infra

May 25, 2023
%d bloggers like this: