CVE-2022-20821: Cisco IOS XR Open Port Vulnerability

CVE-2022-20821: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-03-30T13:31:44.080Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.
Technical Details
- CVE: CVE-2022-20821
- KEV date added: 2022-05-23
- KEV due date: 2022-06-13
- NVD published: 2022-05-26
- NVD modified: 2025-10-28
- MITRE modified: 2025-10-21
- CVSS base score: 6.5
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- CVSS exploitability score: 3.9
- CVSS impact score: 2.5
- Attack vector: Network
- Attack complexity: Low
- Privileges required: None
- User interaction: None
- Scope: Unchanged
- Confidentiality impact: Low
- Integrity impact: Low
- Availability impact: None
Versions and Products Impacted
- cisco / ios xr
- Cisco / Cisco IOS XR Software (versions: n/a)
Weakness Classification
- CWE-200
- NVD-CWE-noinfo
Repositories for Lab Validation (Public Examples)
- Ostorlab/KEV | stars: 608 | updated: 2026-03-23 | https://github.com/Ostorlab/KEV
Notes: Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
- santosomar/kev_checker | stars: 24 | updated: 2026-02-12 | https://github.com/santosomar/kev_checker
Notes: A basic Python program to check Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog
- AlphabugX/CVE-2022-RCE | stars: 5 | updated: 2025-09-27 | https://github.com/AlphabugX/CVE-2022-RCE
Notes: test, reverse junk-data delivery, CVE-2022-23305, tool, exploitation, tutorial, Exploit POC
People and Organizations Mentioned
- cisco
- IOS XR
- Ostorlab
- santosomar
- AlphabugX
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Inventory Cisco IOS XR assets and confirm exact vulnerable versions with automated checks.
- Patch in staged environments and validate closure with scanners + service health checks.
- Map detections to MITRE ATT&CK tactics relevant to your environment and tune alert quality.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2022-20821
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2022-20821
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- KEV notes: https://nvd.nist.gov/vuln/detail/CVE-2022-20821
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-20821
- Repository example: https://github.com/Ostorlab/KEV
- Repository example: https://github.com/santosomar/kev_checker
- Repository example: https://github.com/AlphabugX/CVE-2022-RCE
This content is for defensive security training and authorized validation only.
