CVE-2024-26291
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-07-15
Assigner: ENISA
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| avid | nexis_agent | 22.12.0.174 |
| avid | nexis_agent | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow attackers to read sensitive files on your system without any authentication, potentially exposing confidential information. Because the application runs with the highest system privileges, attackers can access critical system files, which could lead to information disclosure, compromise of system security, and further attacks.
Can you explain this vulnerability to me?
CVE-2024-26291 is an unauthenticated arbitrary file read vulnerability in the Avid NEXIS Agent installed on Linux and Windows. The vulnerability arises because the 'filename' parameter does not validate the file path, allowing attackers to read any file on the system. Since the agent runs with the highest privileges (root on Linux and NT_AUTHORITY SYSTEM on Windows), attackers can obtain sensitive information by reading arbitrary files without authentication.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for unauthorized or suspicious HTTP requests to the Avid NEXIS Agent's web interface, which listens on port 5015. Specifically, look for HTTP GET requests with parameters attempting to read arbitrary files via the 'filename' parameter. Since the vulnerability involves unauthenticated arbitrary file read, scanning for such requests or attempts to access sensitive files can indicate exploitation attempts. Commands to detect such activity could include using network monitoring tools like tcpdump or Wireshark to filter traffic on port 5015, for example: 1) tcpdump -i any port 5015 -A | grep 'filename=' 2) Use web server logs or proxy logs to search for GET requests containing 'filename=' parameter. Additionally, checking for unexpected file access or unusual process activity on the system may help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the Avid NEXIS Agent's port 5015 by implementing firewall allowlisting to limit exposure only to trusted hosts. Since no official patch or fix is currently available for CVE-2024-26291, network-level controls are critical. Monitoring for updates from Avid and applying patches when they become available is also recommended. Additionally, consider isolating affected systems and reviewing access controls to minimize risk. [1]