CVE-2024-26291 Scanner - Arbitrary File Read vulnerability in Avid NEXIS Agent
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 19 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox
Avid NEXIS Agent is utilized broadly in media companies and post-production environments for efficient media storage management. It provides essential data storage and streaming services for collaborative content creation teams. System administrators commonly deploy this software to manage vast amounts of video and audio data. The product supports seamless integration with various editing and media asset management tools, enhancing productivity in complex media workflows. The NEXIS Agent runs on Avid's hardware platforms, targeting scenarios where security and high performance are paramount. Its central management capabilities make it a favorite choice for major broadcasters and media content creators.
The detected vulnerability allows arbitrary file reads because input parameters are not properly validated. Specifically, a filename parameter that unauthorized users can manipulate is handled inadequately. Attackers can exploit this weakness to read sensitive file contents without authenticating. The exposed files might include critical system configurations or user data that are normally protected from unauthorized access. Because no authentication is required, any user with network access to the affected NEXIS systems can potentially exploit the issue. The vulnerability poses a risk to data confidentiality and increases exposure to information theft.
The vulnerability stems from a web endpoint within the Avid NEXIS Agent that inadequately sanitizes the input it receives. The flaw can be triggered by supplying crafted file paths in HTTP GET requests. Specifically, endpoints such as /logs?filename= can be used with encoded paths to access sensitive files. Attackers confirm success when the server returns a 200 HTTP status code with the expected file contents. The check also relies on a response header that includes "gSOAP", which confirms the server's response to the unauthorized input. While specific scripts target standard system files such as /etc/passwd on Linux and win.ini on Windows, the same technique could be extended to other files.
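For defenders, the request pattern described above can be hunted for in web or proxy access logs. The following is an added example, not part of the scanner or of Avid's software; the log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in common log format (assumed; not from a real system).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /logs?filename=agent.log HTTP/1.1" 200 5120
192.0.2.44 - - [01/Jan/2025:10:00:05 +0000] "GET /logs?filename=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843
192.0.2.44 - - [01/Jan/2025:10:00:06 +0000] "GET /logs?filename=..%255c..%255cwindows%255cwin.ini HTTP/1.1" 404 0
192.0.2.12 - - [01/Jan/2025:10:00:09 +0000] "GET /status HTTP/1.1" 200 77
"""

REQUEST = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+" (\d{3}) ')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(filename):
    """True for traversal segments, absolute paths or drive-letter paths."""
    name = fully_decode(filename).replace("\\", "/")
    return (".." in name.split("/")
            or name.startswith("/")
            or re.match(r"^[A-Za-z]:", name) is not None)

def scan(log_text):
    """Return (client, request target, status) for suspicious /logs requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if parts.path != "/logs":
            continue
        # parse_qs removes one layer of encoding; is_suspicious removes the rest.
        for raw in parse_qs(parts.query).get("filename", []):
            if is_suspicious(raw):
                hits.append((client, target, int(status)))
    return hits

if __name__ == "__main__":
    for client, target, status in scan(SAMPLE_LOG):
        print(f"{client} status={status} {target}")
```

Hits that returned status 200 deserve priority, since that is the response the page describes as confirming a successful read.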
Exploiting this vulnerability could give attackers access to files they are not authorized to read, exposing confidential data and enabling possible strategic compromises. Sensitive information such as user credentials, system configuration details, and proprietary information could be leaked. Attackers could also gain insight into the system architecture, which helps with targeted attacks or further exploitation. The leakage of such critical information might compromise the entire system's integrity and lead to subsequent unauthorized access. Persistent exploitation could also result in regulatory non-compliance and potential financial liabilities.