Cisco on Friday rolled out fixes for a medium-severity vulnerability influencing IOS XR Application that it explained has been exploited in genuine-world attacks.
Tracked as CVE-2022-20821 (CVSS rating: 6.5), the issue relates to an open up port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis occasion and accomplish code execution.
“A productive exploit could let the attacker to publish to the Redis in-memory database, compose arbitrary information to the container filesystem, and retrieve facts about the Redis databases,” Cisco claimed in an advisory.
“Presented the configuration of the sandboxed container that the Redis occasion operates in, a distant attacker would be not able to execute remote code or abuse the integrity of the Cisco IOS XR Software package host program.”
The flaw, which it said was recognized all through the resolution of a complex assistance centre (TAC) case, impacts Cisco 8000 Collection routers managing IOS XR Program that has the health check out RPM installed and energetic.
The networking tools maker also cautioned that it grew to become mindful of the attempted exploitation of the zero-working day bug previously this thirty day period. “Cisco strongly suggests that consumers implement suitable workarounds or upgrade to a set computer software release to remediate this vulnerability,” it extra.
Discovered this posting fascinating? Observe THN on Fb, Twitter and LinkedIn to go through more special articles we write-up.
Some parts of this article are sourced from:
thehackernews.com
The FCC has a plan to boost rural broadband download speeds to 100 Mbps