CVE-2017-14143
CVE-2017-14143
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 75.5%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
12 Sep 2017Metasploit module available
19 Sep 2017Published on NVD
23 Oct 2017Public PoC
Weaponization speed
33 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencewww.exploit-db.com/exploits/43028/unverifiedcve_referencewww.exploit-db.com/exploits/43876/unverifiedexploitdbwww.exploit-db.com/exploits/43876unverifiedexploitdbwww.exploit-db.com/exploits/43028unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txthttps://www.exploit-db.com/exploits/43028/https://www.exploit-db.com/exploits/43876/http://www.securityfocus.com/bid/100976