As many as 2,000 internet-facing Linux servers are potentially exposed to an actively exploited Redis security flaw, tracked as CVE-2022-0543, according to SecurityWeek.
Threat actors began abusing the vulnerability, a Lua sandbox escape caused by a packaging issue in the Debian and Ubuntu Redis builds that left the Lua `package` library reachable from EVAL scripts, within days of a proof-of-concept being published on March 8, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities Catalog. Debian and Ubuntu shipped fixed packages on Feb. 18.
However, exploitation is expected to continue as long as exposed instances remain unpatched, said Rapid7 researchers, who noted that a Metasploit module was released last Tuesday.
"2,000 hosts is the absolute ceiling of potentially vulnerable internet-facing Redis servers that can be exploited without authentication. We actually aren't certain how many of these hosts installed Redis using an affected package or if they've been patched," Rapid7 said.
The findings should prompt organizations to prioritize patching the vulnerability as soon as possible, the researchers added. Because the bug is triggered through EVAL, Redis instances reachable from the internet without authentication are the ones at immediate risk.