⚠ Actively exploited

Added to CISA KEV on 2022-03-28. Federal agencies required to patch by 2022-04-18. Required action: Apply updates per vendor instructions..

CVE-2022-0543 — Missing Authorization in Redis

CWE-862 — Missing Authorization CWE-287 — Improper Authentication21 documents14 sources

Severity

10.0CRITICALNVD

CISA7.8

EPSS

94.4%

top 0.02%

CISA KEV

KEV

Added 2022-03-28

Due 2022-04-18

Exploit

Exploited in wild

Active exploitation observed

Affected products

Redis Debian Redis

Timeline

PublishedFeb 18

KEV addedMar 28

KEV dueApr 18

Latest updateJan 27

CISA Required Action: Apply updates per vendor instructions.

Description

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages3 packages

▶debiandebian/redis< redis 5:6.0.16-2 (bookworm)

▶CVEListV5debian/redisn/a

▶Debianredis/redis< 5:6.0.16-1+deb11u2+3

Patches

Patch: bugs.debian.org ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-9wpj-h5jq-88p9: It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which co↗2022-02-19

▶

OSV

CVE-2022-0543: It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which co↗2022-02-18

▶

VulnCheck

Debian-specific Redis Server Lua Sandbox Escape Vulnerability↗2022

▶

💥Exploits & PoCs

Metasploit

Redis Lua Sandbox Escape↗

▶

Nuclei

Redis Sandbox Escape - Remote Code Execution

▶

🔍Detection Rules

Suricata

ET EXPLOIT Redis RCE Attempt (CVE-2022-0543) M2↗2026-01-27

▶

Suricata

ET EXPLOIT Redis RCE Attempt (CVE-2022-0543) M2↗2022-04-04

▶

Suricata

ET EXPLOIT Possible Redis RCE Attempt - Dynamic Importing of liblua (CVE-2022-0543)↗2022-04-04

▶

Suricata

ET EXPLOIT Redis RCE Attempt (CVE-2022-0543) M1↗2022-04-04

▶

📋Vendor Advisories

CISA

Debian-specific Redis Server Lua Sandbox Escape Vulnerability↗2022-03-28

▶

CISA

Microsoft Windows Privilege Escalation Vulnerability↗2022-03-15

▶

Ubuntu

Redis vulnerability↗2022-03-08

▶

Debian

CVE-2022-0543: redis - It was discovered, that redis, a persistent key-value database, due to a packagi...↗2022

▶

🕵️Threat Intelligence

Bleepingcomputer

Stealthier version of P2Pinfect malware targets MIPS devices↗2023-12-04

▶

Wiz

Crying Out Cloud - August Newsletter | Wiz↗2023-08-30

▶

Unit42

P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm↗2023-07-19

▶

Unit42

P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm↗2023-07-19

▶

📄Research Papers

CTF

medium / README↗

▶

CTF

Shared / README↗

▶

CTF

Shared / README↗

▶