VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution
Title: VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution
Advisory ID: ZSL-2018-5455
Type: Local/Remote
Impact: System Access
Risk: (4/5)
Release Date: 31.03.2018
System = Indicate if the DVP is configured as Protector, Sentinel or Fortress
Version = The Operating System SW version number
Image version = Production Image version
System: DVP Protector
Version: 1.40.0.15(R) May 5 2015 05:27:05
Image version: 3.07i
System: DVP Protector
Version: 1.40.0.15(R) May 5 2015 05:27:05
Image version: 2.08
System: DVP Fortress
Version: 2.10.0.5(R) Jan 7 2018 03:26:35
Image version: 3.07
CentOS release 5.10 (Final) (2.6.18-371.el5)
ConfD
[05.03.2018] Vendor contacted.
[30.03.2018] No response from the vendor.
[31.03.2018] Public security advisory released.
[2] https://www.exploit-db.com/exploits/44387/
[3] https://packetstormsecurity.com/files/147002
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/141101
[01.04.2018] - Added reference [1]
[02.04.2018] - Added reference [2]
[08.04.2018] - Added reference [3] and [4]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2018-5455
Type: Local/Remote
Impact: System Access
Risk: (4/5)
Release Date: 31.03.2018
Summary
VideoFlow's Digital Video Protection (DVP) product is used by leading companies worldwide to boost the reliability of IP networks, including the public Internet, for professional live broadcast. DVP enables broadcast companies to confidently contribute and distribute live video over IP with unprecedented levels of service continuity, at a fraction of the cost of leased lines or satellite links. It accelerates ROI by reducing operational costs and enabling new revenue streams across a wide variety of markets.Description
The affected device suffers from authenticated remote code execution vulnerability. Including a CSRF, a remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.Vendor
VideoFlow Ltd. - http://www.video-flow.comAffected Version
2.10 (X-Prototype-Version: 1.6.0.2)System = Indicate if the DVP is configured as Protector, Sentinel or Fortress
Version = The Operating System SW version number
Image version = Production Image version
System: DVP Protector
Version: 1.40.0.15(R) May 5 2015 05:27:05
Image version: 3.07i
System: DVP Protector
Version: 1.40.0.15(R) May 5 2015 05:27:05
Image version: 2.08
System: DVP Fortress
Version: 2.10.0.5(R) Jan 7 2018 03:26:35
Image version: 3.07
Tested On
CentOS release 5.6 (Final) (2.6.18-238.12.1.el5)CentOS release 5.10 (Final) (2.6.18-371.el5)
ConfD
Vendor Status
[01.02.2018] Vulnerability discovered.[05.03.2018] Vendor contacted.
[30.03.2018] No response from the vendor.
[31.03.2018] Public security advisory released.
PoC
videoflow_root.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://cxsecurity.com/issue/WLB-2018030269[2] https://www.exploit-db.com/exploits/44387/
[3] https://packetstormsecurity.com/files/147002
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/141101
Changelog
[31.03.2018] - Initial release[01.04.2018] - Added reference [1]
[02.04.2018] - Added reference [2]
[08.04.2018] - Added reference [3] and [4]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk