CVE-2020-13151
high-risk
Published 2020-08-05
Aerospike Community Edition 4.9.0.5 allows unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. Its only attempt to restrict code execution is to disable os.execute() calls, which is insufficient: blocking a single function name is not a sandbox, other routes from Lua to the operating system remain reachable from a UDF, and a public exploit uses one of them. Anyone with network access to the service can register a crafted UDF and execute arbitrary OS commands on every node of the cluster, with the privileges of the user running the Aerospike service.
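Why a single blocked function name is not a sandbox, as an added example that is not part of this page or of Aerospike's own code: a small Python pre-registration gate that rejects Lua UDF source reaching the OS, file I/O, code loaders, or the global table. The three UDF sources below are constructed for the example; the only Aerospike-specific names in them are the record API calls aerospike:exists and aerospike:update. The gate is a compensating control for a cluster that cannot be upgraded immediately, not a replacement for the fix, and because it matches text (comments included) it errs toward rejection.

```python
"""Static pre-registration gate for Aerospike Lua UDFs (added example, not
Aerospike code).  Shows why blocking os.execute alone is not a sandbox: the
Lua standard library has other routes to the OS, and any name-based
blacklist is sidestepped via _G or by building names at runtime."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Standard-library members that leave the database: process execution,
# file I/O, native code loading, and the debug library.
DANGEROUS_MEMBERS: Dict[str, Set[str]] = {
    "os":      {"execute", "remove", "rename", "tmpname", "getenv", "exit"},
    "io":      {"popen", "open", "lines", "input", "output", "read", "write"},
    "package": {"loadlib", "cpath", "path", "loaders", "searchers"},
    "debug":   {"getregistry", "setmetatable", "getmetatable", "sethook",
                "setupvalue", "setlocal"},
}
# Globals that load or run code which was not part of the registered UDF.
DANGEROUS_GLOBALS: Set[str] = {"load", "loadstring", "loadfile", "dofile",
                               "require", "rawget", "rawset", "getfenv", "setfenv"}

@dataclass(frozen=True)
class Finding:
    line: int   # 1-based line in the UDF source
    rule: str   # which check fired
    text: str   # the matched fragment

_QUOTE = "['\"]"

def _build_rules() -> List[Tuple[str, re.Pattern]]:
    rules = []
    for lib, members in DANGEROUS_MEMBERS.items():
        alt = "|".join(sorted(members))
        # os.execute(...)  or  os["execute"](...)
        rules.append((f"{lib} member call", re.compile(
            rf"\b{lib}\s*(?:\.\s*(?:{alt})\b|\[\s*{_QUOTE}(?:{alt}){_QUOTE}\s*\])")))
    libs = "|".join(DANGEROUS_MEMBERS)
    # `local o = os` followed later by o["execute"]: reject the alias itself.
    rules.append(("dangerous library aliased",
                  re.compile(rf"(?<![\w.:'\"])(?:{libs})\b(?!\s*[.\[(])")))
    rules.append(("global code loader", re.compile(
        r"\b(?:" + "|".join(sorted(DANGEROUS_GLOBALS)) + r")\s*\(")))
    # _G / _ENV fetch any global by string, defeating name-based blocking.
    rules.append(("global environment access", re.compile(r"\b_G\b|\b_ENV\b")))
    # "exe".."cute" inside an index cannot be resolved statically: reject.
    rules.append(("runtime-built index name", re.compile(r"\[[^\]]*\.\.[^\]]*\]")))
    return rules

_RULES = _build_rules()

def scan_udf(source: str) -> List[Finding]:
    """Return every suspicious fragment.  Comments are deliberately not
    stripped, so the gate errs toward rejection."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule, pat in _RULES:
            for m in pat.finditer(line):
                findings.append(Finding(lineno, rule, m.group(0)))
    return findings

def is_safe(source: str) -> bool:
    return not scan_udf(source)

# --- constructed sample UDFs (not code from any real deployment) ----------
BENIGN_UDF = """\
-- increment a counter bin and return the new value
function incr(rec, bin, by)
  if not aerospike:exists(rec) then return nil end
  rec[bin] = (rec[bin] or 0) + by
  aerospike:update(rec)
  return rec[bin]
end
"""
# Reaches the OS without ever touching os.execute.
DIRECT_UDF = """\
function run(rec, cmd)
  local p = io.popen(cmd)
  local out = p:read("*a")
  p:close()
  return out
end
"""
# Never names os or execute literally; a blacklist keyed on names sees nothing.
EVASIVE_UDF = """\
function run(rec, cmd)
  local lib = _G["o" .. "s"]
  return lib["exe" .. "cute"](cmd)
end
"""

if __name__ == "__main__":
    for name, src in (("benign", BENIGN_UDF), ("direct", DIRECT_UDF), ("evasive", EVASIVE_UDF)):
        fs = scan_udf(src)
        print(f"{name}: {'REJECT' if fs else 'ACCEPT'}")
        for f in fs:
            print(f"  line {f.line}: {f.rule}: {f.text}")
```

Feed it the source of every UDF before registration and refuse anything that produces a finding. The evasive sample is the point: a gate that only lists function names makes the same mistake as blocking only os.execute, so it also has to reject access to the global table and any index name built at runtime, at the cost of occasional false positives on harmless code.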
Do I need to act?
- Exploitation likelihood: 90.0% chance of exploitation in the next 30 days (EPSS score; higher than 10% of all CVEs)
- CISA KEV: not listed; no confirmed active exploitation reported to CISA
- Public exploit: 1 public exploit available
- Fix: available. Upgrade to a release that contains the upstream fix commits; the identifiers below are git commit hashes, not release version numbers: e4210e67d2c94be6f5b2f9498e17b8797fd4835c, e85a2f1af8b35ec319ed3c5af3a2688fa745763c, c319c35a6ab5f4c238e47b67067763d1da60d4be, a405a4c9d58c575915dc0c54533579d1232f59ca, aa32a09f487653a2d8896efae526b7a139f7bd1f, 7644d13688bb914a384cf8a40da3645085636cd3
CVSS 9.8/10 (Critical); attack vector: Network; attack complexity: Low
Affected Products (1): Aerospike Community Edition 4.9.0.5
Affected Vendors: Aerospike
References (12)
Risk score: 57 / 100 (high-risk)
- Severity: 32/34 (Critical)
- Exploitability: 20/34 (Moderate)
- Exposure: 5/34 (Minimal)