Lucene search
K

23 matches found

F5 Networks
F5 Networks
added 2023/09/04 5:30 a.m.40 views

K000136079: Redis vulnerability CVE-2022-0543

Security Advisory Description It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution. CVE-2022-0543 Impact There is no impact; F5 products are not affected by this...

10CVSS9.3AI score0.9967EPSS
Exploits9
The Hacker News
The Hacker News
added 2023/07/31 1:38 p.m.57 views

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

The P2PInfect peer-to-peer P2 worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...

10CVSS9.1AI score0.9967EPSS
Exploits9
hivepro
hivepro
added 2023/07/21 8:38 a.m.34 views

A New Cross-Platform ‘P2PInfect’ Worm Threatening Cloud Environments

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary P2PInfect, a new cross-platform worm written in Rust, targets vulnerable Redis instances in cloud environments via the CVE-2022-0543 vulnerability, potentially posing a significant threat to over 307,000...

10CVSS6.8AI score0.9967EPSS
Exploits9
The Hacker News
The Hacker News
added 2023/07/20 6:12 a.m.116 views

New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer P2P worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than...

10CVSS9.1AI score0.9967EPSS
Exploits9
The Hacker News
The Hacker News
added 2022/12/02 11:9 a.m.59 views

Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was...

10CVSS2AI score0.9967EPSS
Exploits9
GithubExploit
GithubExploit
added 2022/09/01 4:44 p.m.640 views

Exploit for Missing Authorization in Redis

CVE-2022-0543 Fully featured exploit for Redis RCE through Lua...

10CVSS10AI score0.9967EPSS
Exploits9
GithubExploit
GithubExploit
added 2022/07/06 4:35 a.m.532 views

Exploit for Missing Authorization in Redis

CVE-2022-0543 1. Introduction Redis Sandbox Escape Vulnera...

10CVSS7.3AI score0.9967EPSS
Exploits9
OpenVAS
OpenVAS
added 2022/05/03 12:0 a.m.33 views

Redis RCE Vulnerability (CVE-2022-0543) - Active Check

Redis is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; if...

10CVSS9.3AI score0.9967EPSS
Exploits9References7
Rapid7 Blog
Rapid7 Blog
added 2022/04/29 8:9 p.m.61 views

Metasploit Wrap-Up

Redis Sandbox Escape Our very own Jake Baines wrote a module that performs a sandbox escape on Redis versions between 5.0.0 and 6.1.0 and achieves remote code execution as the redis user. Redis installations can be password protected, so this module supports exploiting the vulnerability with and...

10CVSS1.5AI score0.9967EPSS
Exploits9
Metasploit
Metasploit
added 2022/04/28 5:42 p.m.395 views

Redis Lua Sandbox Escape

This module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. On...

10CVSS9.1AI score0.9967EPSS
Exploits9
Packet Storm
Packet Storm
added 2022/04/27 12:0 a.m.922 views

Redis Lua Sandbox Escape

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Redis Lua Sandbox Escape', 'Description' = %q This module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was...

10CVSS0.4AI score0.9967EPSS
Exploits9
0day.today
0day.today
added 2022/04/27 12:0 a.m.765 views

Redis Lua Sandbox Escape Exploit

This Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary...

10CVSS9.9AI score0.9967EPSS
Exploits9
Check Point Advisories
Check Point Advisories
added 2022/03/31 12:0 a.m.29 views

Redis Lua Remote Code Execution (CVE-2022-0543)

A remote code execution vulnerability exists in Redis Lua. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.8AI score0.9967EPSS
Exploits9
hivepro
hivepro
added 2022/03/29 12:17 p.m.152 views

Muhstik botnet adds another vulnerability exploit to its arsenal

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Muhstik malware has begun attacking Redis Servers by exploiting a recently reported vulnerability, CVE-2022-0543. This flaw can be found in several Redis Debian packages. The attack began on March 11, 2022, and was carried out...

10CVSS0.7AI score0.99993EPSS
Exploits90
The Hacker News
The Hacker News
added 2022/03/28 6:59 a.m.317 views

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data...

10CVSS1.9AI score0.99999EPSS
Exploits522
GithubExploit
GithubExploit
added 2022/03/16 6:41 a.m.43 views

Exploit for Missing Authorization in Redis

CVE-2022-0543 CVE-2022-0543RCE:...

10CVSS7.5AI score0.9967EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2022/03/08 12:0 a.m.197 views

Ubuntu 20.04 LTS : Redis vulnerability (USN-5316-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5316-1 advisory. Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbo...

10CVSS9.1AI score0.9967EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2022/02/21 12:0 a.m.48 views

Debian DSA-5081-1 : redis - security update

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5081 advisory. - It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in...

10CVSS9AI score0.9967EPSS
Exploits9References7
Circl
Circl
added 2022/02/18 10:40 p.m.23 views

CVE-2022-0543

creationtimestamp| type| source ---|---|--- 2022-02-18 22:40:51+00:00| seen| https://t.me/cibsecurity/37758 2022-03-11 11:00:52+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/5581 2022-03-16 06:44:25+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1669...

10CVSS7.4AI score0.9967EPSS
Exploits9References28
CVE
CVE
added 2022/02/18 7:25 p.m.1703 views

CVE-2022-0543

CVE-2022-0543 concerns Redis with a Debian-specific Lua sandbox escape packaging issue that can lead to remote code execution. The vulnerability is described as a Debian packaging problem in Redis, enabling a sandbox escape and potential arbitrary code execution on affected systems. Public adviso...

10CVSS9.7AI score0.9967EPSS
In wildExploits9References7Affected Software1
Rows per page
Query Builder