Vulnerability Details : CVE-2017-14143
Public exploit exists!
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
Exploit prediction scoring system (EPSS) score for CVE-2017-14143
Probability of exploitation activity in the next 30 days: 75.90%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2017-14143
-
Kaltura Remote PHP Code Execution over Cookie
Disclosure Date: 2017-09-12First seen: 2020-04-26exploit/linux/http/kaltura_unserialize_cookie_rceThis module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hardcoded cookie secret which allows to sign
CVSS scores for CVE-2017-14143
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-14143
-
The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-14143
-
https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682
remove unsafe unserialize · kaltura/server@6a6d143 · GitHubThird Party Advisory
-
https://www.exploit-db.com/exploits/43876/
Kaltura - Remote PHP Code Execution over Cookie (Metasploit)
-
https://www.exploit-db.com/exploits/43028/
Kaltura < 13.2.0 - Remote Code Execution
-
https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt
Exploit;Third Party Advisory
-
http://www.securityfocus.com/bid/100976
Kaltura Community Edition Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Products affected by CVE-2017-14143
- cpe:2.3:a:kaltura:kaltura_server:*:*:*:*:*:*:*:*