CVE-2022-0543 Scanner
CVE-2022-0543 scanner - Remote Code Execution (RCE) vulnerability in Debian Redis
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Redis is a widely used, open-source, persistent key-value database that serves as an in-memory data structure store. Its primary uses include, but are not limited to, caching, message queuing, and data storage for applications. With its ability to store large amounts of data with low latency and high throughput, Redis has seen widespread adoption by technology companies worldwide.
Recently, a Debian-specific Lua sandbox escape vulnerability was detected in Redis. Identified as CVE-2022-0543, it has the potential to lead to remote code execution. It is due to a packaging issue that lets an attacker escape the Lua sandbox and execute arbitrary code remotely.
When exploited, this vulnerability can give attackers complete access to and control over Redis systems, leading to complete system compromise. From there, attackers can launch severe attacks such as data theft, disruption of business activities, malware deployment, and many more. Users of Redis systems must be aware of this issue and take appropriate steps to mitigate it.
Thanks to the pro features of the s4e.io platform, businesses and individuals can stay updated on the latest vulnerabilities affecting their digital assets. With its comprehensive vulnerability assessments and monitoring, s4e.io provides users with timely recommendations on how to stay secure and protect against emerging threats. It is an invaluable tool for anyone looking to protect their digital assets effectively in today's rapidly changing threat landscape.
REFERENCES
- http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html
- https://bugs.debian.org/1005787
- https://lists.debian.org/debian-security-announce/2022/msg00048.html
- https://security.netapp.com/advisory/ntap-20220331-0004/
- https://www.debian.org/security/2022/dsa-5081
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce