Security News > 2022 > March > Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
2022-03-27 23:59

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system.

The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine.

According to telemetry data gathered by Juniper Threat Labs, the attacks leveraging the new flaw are said to have commenced on March 11, 2022, leading to the retrieval of a malicious shell script from a remote server, which is then utilized to fetch and execute the botnet binaries from another server.

CVE-2018-7600 - Drupal remote code execution vulnerability.

CVE-2019-2725 - Oracle WebLogic Server remote code execution vulnerability.

CVE-2021-44228 - Apache Log4j remote code execution vulnerability.


News URL

https://thehackernews.com/2022/03/muhstik-botnet-targeting-redis-servers.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2022-0543 Missing Authorization vulnerability in Redis
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
network
low complexity
redis CWE-862
critical
10.0
2021-12-10 CVE-2021-44228 Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 10.0
2019-04-26 CVE-2019-2725 Injection vulnerability in Oracle products
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
network
low complexity
oracle CWE-74
critical
9.8
2018-03-29 CVE-2018-7600 Improper Input Validation vulnerability in multiple products
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
network
low complexity
drupal debian CWE-20
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Redis 4 4 10 15 4 33