{"uuid": "aaf4a9de-3195-4aa4-8c75-e92b26693d02", "vulnerability": {"vulnId": "CVE-2022-20821", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "aaf4a9de-3195-4aa4-8c75-e92b26693d02"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T13:24:01Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS XR Open Port Vulnerability | Affected: Cisco / IOS XR | Description: Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-20821"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-923"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS XR", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS XR Open Port Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2022-20821", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20821"}]}