CVE-2022-20821 MEDIUM

CVE-2022-20821: Cisco IOS XR Software Health Check Open Port Vulnerability

Vendor Cisco

Product Cisco IOS XR Software

Weakness CWE-200 · Info exposure

KEV Status Known Exploited

Published May 26, 2022

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

May 26, 2022 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-20821 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2022-20821

Related vulnerabilities

CVE-2022-20821: Cisco IOS XR Software Health Check Open Port Vulnerability

01Description

02CISA Required Action

03Disclosure timeline

04References

05Related CVE