CVE-2022-0543

Vulnerability Profile Updated a month ago
CVE-2022-0543 is a critical Lua sandbox escape vulnerability affecting Redis instances, first identified in 2022. It received a severity rating of 10.0 on the Common Vulnerability Scoring System (CVSS), indicating its high risk level, and has been exploited by P2PInfect, a self-replicating worm written in the Rust programming language.

P2PInfect was first detected and documented in July 2023 by Palo Alto Networks Unit 42. It primarily targets unpatched Redis servers and exploits CVE-2022-0543 for initial access. Combined with the worm's self-replication capability, the vulnerability allows it to spread rapidly, loading a malicious Redis module through an unauthorized replication attack.

Since its initial detection, P2PInfect has continued to pose a significant threat to Redis servers worldwide: despite efforts to mitigate its impact, it continues to exploit the Lua sandbox escape vulnerability in unpatched Redis instances. Immediate patching and strengthening of security measures are recommended to prevent further exploitation of this vulnerability.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Redis
Malware
Worm
Vulnerability
Exploit
Sandbox
Associated Malware
ID | Type | Votes | Profile Description
P2pinfect | Unspecified | 2 | P2PInfect is a newly identified malware that poses a significant threat to routers and Internet of Things (IoT) devices. This malicious software, designed to exploit and damage computer systems or devices, can infiltrate your system through suspicious downloads, emails, or websites, often unbeknowns
Redigo | Unspecified | 2 | Redigo is a type of malware that exploits vulnerabilities in Redis servers, specifically the CVE-2022-0543 vulnerability. This harmful software can infiltrate systems through suspicious downloads, emails, or websites and once inside, it has the potential to steal personal information, disrupt operat
Kinsing | Unspecified | 1 | Kinsing is a type of malware, malicious software designed to exploit and damage computer systems. It operates by infiltrating systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once embedded within a system, Kinsing can steal personal information, disrupt
Money Libra | Unspecified | 1 | Money Libra, also known as Kinsing, is a malicious software (malware) that has been active since late 2021. This malware primarily targets cloud-native environments and applications such as Kubernetes clusters, Docker API, Redis, Jenkins and Openfire servers, and cloud-hosted Apache NiFi instances,
Associated Threat Actors
ID | Type | Votes | Profile Description
Adept Libra | Unspecified | 1 | Adept Libra, also known as TeamTNT, is a malicious threat actor that has been active in cybersecurity breaches since at least July 2021. The group is known for its innovative use of tools such as LaZagne to steal passwords from various operating systems, including Linux distributions in cloud-based
Thief Libra | Unspecified | 1 | Thief Libra, also known as WatchDog, is a threat actor identified in the cybersecurity world for its malicious activities. The group's operations involve exploiting vulnerabilities to execute actions with harmful intent. A notable aspect of Thief Libra's modus operandi involves targeting Redis insta
Associated Vulnerabilities
No associations to display
Source Document References
Information about the CVE-2022-0543 vulnerability was read from the documents listed below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | a year ago | Experts discovered a previously undocumented initial access vector used by P2PInfect worm
CERT-EU | a year ago | P2PInfect, a Rusty P2P worm targets Redis Servers on Linux and Windows systems - Security Affairs
Securityaffairs | 6 months ago | New P2PInfect bot targets routers and IoT devices
CERT-EU | a year ago | Rust, that got packed into Windows 11 recently, used to hack both Windows and Linux servers
CERT-EU | 6 months ago | Rust-based P2Pinfect botnet goes after MIPS devices
CERT-EU | a year ago | Self-replicating worm malware infects exposed Redis data store used for live streaming
CSO Online | a year ago | Fileless attacks surge as cybercriminals evade cloud security defenses
CERT-EU | a year ago | New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods
CERT-EU | a year ago | New P2Pinfect botnet malware targets Redis servers
CERT-EU | 6 months ago | P2PInfect Botnet Is Now Targeting MIPS-Based IoT Devices
CERT-EU | a year ago | New P2P Worm Puts Windows and Linux Redis Servers in its Sights
DARKReading | a year ago | P2P Self-Replicating Cloud Worm Targets Redis
Unit42 | a year ago | P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm
CERT-EU | 9 months ago | Experts warn of a 600X increase in P2Pinfect traffic
CERT-EU | 6 months ago | New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices
CERT-EU | a year ago | ALERT: Self-Replicating P2PInfect Worm Hits Redis Instances
CERT-EU | 6 months ago | Stealthier version of P2Pinfect malware targets MIPS devices
CERT-EU | a year ago | Worm targeting unpatched Redis databases, say researchers | IT World Canada News
CERT-EU | a year ago | P2PInfect: New Peer-to-Peer Worm Targeting Redis Servers
CERT-EU | 6 months ago | Cyber Security Week in Review: December 8, 2023