Exploitation Summary
EIP tracks 4 public exploits for CVE-2020-13151.
PoCs published by Matt S, b4ny4n, ByteMe1001, including Metasploit module exploits/linux/misc/aerospike_database_udf_cmd_exec.
AI-analyzed exploit summary: This exploit leverages CVE-2020-13151 to achieve remote command execution on Aerospike Database versions prior to 5.1.0.3 by registering a malicious UDF (User Defined Function) and executing arbitrary commands via the `apply` method.
Description
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service.
Exploits (4)
This exploit leverages CVE-2020-13151 to achieve remote command execution on Aerospike Database versions prior to 5.1.0.3 by registering a malicious UDF (User Defined Function) and executing arbitrary commands via the `apply` method.
This repository contains a functional PoC for CVE-2020-13151, which exploits a command execution vulnerability in Aerospike Database versions prior to 5.1.0.3. The exploit leverages a Lua UDF (User Defined Function) to execute arbitrary commands on the underlying host via `io.popen`.
This repository contains a functional PoC for CVE-2020-13151, an RCE vulnerability in Aerospike Server. The exploit leverages a Lua UDF (User Defined Function) to execute arbitrary commands via `io.popen`, bypassing restrictions on `os.execute()`.
This Metasploit module exploits CVE-2020-13151 in Aerospike Database by uploading a malicious Lua UDF that executes arbitrary commands via `os.execute`. It supports both direct command execution and staged payloads, with cleanup to avoid persistent backdoors.
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H