Strike ID:
E19-it9h1
CVSS:
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2019

Description

This strike exploits an authentication bypass on the Redis Server. The vulnerability is due to allowing attacker load a dynamic module and execute it remotely without authentication. A remote unauthorized attacker can exploit this vulnerability by sending a crafted TCP request to the system. Successful exploitation results in remote code execution on the target server.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}