{"vulnerability": "CVE-2022-20821", "sightings": [{"uuid": "6fe905f1-bcd9-4085-90c0-6c5bc8bb040f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20821", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "6967344f-6dd8-423a-a94c-fa701e3b9912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20821", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971567", "content": "", "creation_timestamp": "2024-12-24T20:31:14.391546Z"}, {"uuid": "159c85d0-374f-4979-8ee9-df0592399ec4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20821", "type": "seen", "source": "https://t.me/itsec_news/690", "content": "\u200b\u2692 Cisco \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 \u0441 \u041e\u0421 IOS XR.\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Cisco \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u0441\u0432\u043e\u0438\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 \u0441 \u041e\u0421 IOS XR, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430\u043c Redis, \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u043c \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430\u0445 NOSi Docker.\n\n\u041f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b IOS XR \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 Cisco, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0441\u0435\u0440\u0438\u0439 NCS 540 \u0438 560, NCS 5500, 8000 \u0438 ASR 9000.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-20821 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 RPM \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 TCP-\u043f\u043e\u0440\u0442 6379. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0435\u0451 \u043f\u0443\u0442\u0435\u043c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 Redis \u043d\u0430 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u043f\u043e\u0440\u0442\u0443. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0435\u043c\u0443 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u043f\u0430\u043c\u044f\u0442\u044c, \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0444\u0430\u0439\u043b\u043e\u0432\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0438 \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 Redis.\n\n\u041a \u0441\u0447\u0430\u0441\u0442\u044c\u044e, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u043d \u0432\u0441\u0451 \u0440\u0430\u0432\u043d\u043e \u043d\u0435 \u0441\u043c\u043e\u0436\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u0438\u043b\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0445\u043e\u0441\u0442\u0430, \u0442\u0430\u043a \u043a\u0430\u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 Redis \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u0432 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u0435.\n\n\u0425\u043e\u0442\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u044b \u0441\u0435\u0440\u0438\u0438 Cisco 8000 \u0441 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0438 \u0432\u043a\u043b\u044e\u0447\u0451\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 RPM, \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043b\u0438 \u043f\u0440\u0438\u043d\u044f\u0442\u044c \u043c\u0435\u0440\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430\u0445 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u041f\u041e.\n\n#Cisco #Redis \n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-05-22T10:35:24.000000Z"}, {"uuid": "86b30a71-8250-49b1-beae-c5d7b2451a13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-20821", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/bfb8f0ed-30fd-4281-aa15-5f46555011ef", "content": "", "creation_timestamp": "2026-02-02T12:27:41.375764Z"}, {"uuid": "978c290e-8d02-4635-8b44-e0c218d79a5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20821", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:33.000000Z"}, {"uuid": "3c217a67-a8a1-42d8-af24-8a64f77cb20c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-20821", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=809", "content": "", "creation_timestamp": "2022-05-23T04:00:00.000000Z"}, {"uuid": "e3e95f8a-39f0-4f29-8711-a3f5c5a34147", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20821", "type": "seen", "source": "https://t.me/arpsyndicate/2141", "content": "#ExploitObserverAlert\n\nCVE-2022-20821\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-20821. A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.\n\nFIRST-EPSS: 0.003670000\nNVD-IS: 2.5\nNVD-ES: 3.9", "creation_timestamp": "2023-12-24T02:51:29.000000Z"}, {"uuid": "ff6ab996-7a4d-4537-8eb0-d1967a498776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20821", "type": "seen", "source": "https://t.me/cibsecurity/43385", "content": "\u203c CVE-2022-20821 \u203c\n\nA vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-26T18:14:14.000000Z"}]}