CVE-2022-20821
Cisco IOS XR Open Port Vulnerability
CVSS
—
No CVSS
EPSS
11.8%
p96
KEV
YES
May 23, 2022
Exploit Today
79
0-100
Published: — · Last modified: —
11.8%EPSS · 30 days11.8%
2026-06-302026-07-16
Product
Cisco / IOS XR
Vulnerability
Cisco IOS XR Open Port Vulnerability
Added to KEV
May 23, 2022
Remediate by
Jun 13, 2022
Known ransomware use
No
Summary description
Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-20821
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2020-3118—95.6%
KEV—79Cisco IOS XR Software Discovery Protocol Format String Vulnerability—CVE-2010-3035—92.0%
KEV—78Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability—CVE-2020-3566—88.3%
KEV—76Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability—CVE-2009-2055—87.2%
KEV—76Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability—CVE-2020-3569—87.1%
KEV—76Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability—