CVE-2022-0543 Report - Details, Severity, & Advisories

Twingate Team

May 31, 2024

What is CVE-2022-0543?

CVE-2022-0543 is a critical vulnerability affecting Redis, a persistent key-value database, on Debian and Ubuntu Linux systems. This Debian-specific Lua sandbox escape vulnerability could potentially lead to remote code execution, allowing attackers to compromise the Redis database or execute arbitrary code. The vulnerability has a severity score of 10.0, indicating a high level of risk.

Who is impacted by CVE-2022-0543?

Affected configurations include Redis Server running on Debian Linux 9.0, 10.0, and 11.0, as well as Ubuntu Linux 20.04 LTS and 21.10. Additionally, Redis versions between 5.0.0 and 6.1.0 on Debian and Ubuntu systems are impacted. Users of NetApp products that incorporate the redis package versions 5:5.0.14-1+deb10u1, 5:5.0.3-4, and 5:6.0.15-1 are also affected by this vulnerability.

What should I do if I’m affected?

If you're affected by the CVE-2022-0543 vulnerability, it's crucial to update your Redis packages to fixed versions. Follow these steps to protect your system:

  1. Identify your Debian or Ubuntu Linux version.

  2. Refer to the Debian security tracker or Debian security advisory for the appropriate fixed Redis package version.

  3. Upgrade your Redis packages to the fixed version.

  4. Monitor the NetApp Support website for software fixes if you're using NetApp products.

  5. Contact your software vendor or technical support for assistance if needed.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-0543 vulnerability, also known as the Debian-specific Redis Server Lua Sandbox Escape Vulnerability, is listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on March 28, 2022, and the due date for required action is April 18, 2022.

Weakness Enumeration

This vulnerability is categorized as CWE-862 and affects Redis on Debian and Ubuntu systems.

Learn More

To better understand the vulnerability's description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below:
