Security News > 2022 > May > Cisco urges admins to patch IOS XR zero-day exploited in attacks

Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely access Redis instances running in NOSi Docker containers.
The IOS XR Network OS is deployed on multiple Cisco router platforms, including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.
While the flaw only affects Cisco 8000 Series routers where the health check RPM is installed and active, Cisco urged customers in an advisory published Friday to patch or apply workarounds on appliances running vulnerable software.
"In May 2022, the Cisco PSIRT became aware of attempted exploitation of this vulnerability in the wild," the company said.
"Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations," Cisco said.
Previously, Cisco fixed NFVIS bugs that can let unauthenticated attackers run commands with root privileges remotely and a Cisco Umbrella Virtual Appliance that allowed remote unauthenticated attackers to steal admin credentials.
News URL
Related news
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)