Aerospike.Database.UDF.Lua.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Aerospike Community Edition.
The vulnerability is due to a design flaw in the handling of messages that carry a crafted UDF (user-defined function). A remote, unauthenticated attacker can exploit the vulnerability by sending a message with a crafted UDF to a vulnerable application. Successful exploitation can result in remote code execution in the context of the system.
Affected Products
Aerospike Community Edition version 4.5.3.20 and prior
Aerospike Community Edition from version 4.6.0.1 to version 4.6.0.18
Aerospike Community Edition from version 4.7.0.1 to version 4.7.0.16
Aerospike Community Edition from version 4.8.0.1 to version 4.8.0.12
Aerospike Community Edition from version 4.9.0.1 to version 4.9.0.9
Aerospike Community Edition from version 5.0.0.1 to version 5.0.0.6
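A version check against the ranges listed above, for auditing an inventory of servers. This is an added example, not part of the original advisory or any vendor code; the host names and build strings are constructed, and it assumes each server reports its build as a four-part number.

```python
import re

# Affected Community Edition ranges, transcribed from the list above
# as inclusive (low, high) pairs of four-part build tuples.
AFFECTED_RANGES = [
    ((0, 0, 0, 0), (4, 5, 3, 20)),   # "4.5.3.20 and prior"
    ((4, 6, 0, 1), (4, 6, 0, 18)),
    ((4, 7, 0, 1), (4, 7, 0, 16)),
    ((4, 8, 0, 1), (4, 8, 0, 12)),
    ((4, 9, 0, 1), (4, 9, 0, 9)),
    ((5, 0, 0, 1), (5, 0, 0, 6)),
]

_BUILD_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_build(text):
    """Return the first four-part build number in text as a tuple, or None."""
    m = _BUILD_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(text):
    """True/False for a parseable build, None when no build number is found."""
    build = parse_build(text)
    if build is None:
        return None
    return any(low <= build <= high for low, high in AFFECTED_RANGES)

def triage(inventory):
    """Map each host to 'affected', 'not listed' or 'unknown'."""
    labels = {True: "affected", False: "not listed", None: "unknown"}
    return {host: labels[is_affected(build)] for host, build in inventory.items()}

# Constructed inventory (hypothetical host names and build strings).
SAMPLE_INVENTORY = {
    "db-01": "Aerospike Community Edition build 4.9.0.5",
    "db-02": "5.0.0.6",
    "db-03": "5.1.0.3",
    "db-04": "4.5.3.20",
    "db-05": "build string missing",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" still need a manual check, since no build number could be read from their entry.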
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.aerospike.com/download/server/notes.html#5.1.0.3
https://www.aerospike.com/enterprise/download/server/notes.html#5.1.0.3
Coverage
IPS (Regular DB)
IPS (Extended DB)