Security News > 2022 > March > Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system.
The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine.
According to telemetry data gathered by Juniper Threat Labs, the attacks leveraging the new flaw are said to have commenced on March 11, 2022, leading to the retrieval of a malicious shell script from a remote server, which is then utilized to fetch and execute the botnet binaries from another server.
CVE-2018-7600 - Drupal remote code execution vulnerability.
CVE-2019-2725 - Oracle WebLogic Server remote code execution vulnerability.
CVE-2021-44228 - Apache Log4j remote code execution vulnerability.
News URL
https://thehackernews.com/2022/03/muhstik-botnet-targeting-redis-servers.html
Related news
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-18 | CVE-2022-0543 | Missing Authorization vulnerability in Redis It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10.0 |
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion CWE-502 critical | 10.0 |
| 2019-04-26 | CVE-2019-2725 | Injection vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 7.5 |
| 2018-03-29 | CVE-2018-7600 | Improper Input Validation vulnerability in multiple products Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | 7.5 |