Cisco’s IOS XR software under exploitation

Cisco has warned that malicious actors have been actively exploiting a new medium-severity flaw in its IOS XR software, according to SecurityWeek. The vulnerability, tracked as CVE-2022-20821, has been observed in Cisco 8000 series routers running IOS XR 7.3.3 with the health check RPM active, and a patch has been released in version 7.3.4. "An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system," said Cisco. The advisory follows a warning issued in March by the Cybersecurity and Infrastructure Security Agency about the numerous actively exploited security flaws in the small business routers offered by Cisco.
