← back
CVE-2017-14143

CVE-2017-14143

EPSS 75.5%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 75.5%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
12 Sep 2017Metasploit module available
19 Sep 2017Published on NVD
23 Oct 2017Public PoC
Weaponization speed
33 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.