Avid NEXIS Products Unauthenticated Arbitrary File Read Vulnerability
Vulnerability
A vulnerability allowing unauthenticated arbitrary file read has been identified in Avid NEXIS E-series, F-series, PRO+, and the System Director Appliance (SDA+), all prior to version 2025.5.1. The issue arises because the application does not properly validate file paths in the filename parameter, enabling users to read arbitrary files. This vulnerability is particularly concerning as the application typically runs with high privileges, allowing access to sensitive information such as password files.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive files, including those containing password information, due to the application's default high privilege execution.
Reproduction
The vulnerability can be reproduced by sending a GET request to the '/logs' endpoint with a 'filename' parameter that includes the path of the file to be read, such as '/etc/shadow'. The request must be made to the application's agent port, which is typically 5015.
Remediation
Users are advised to restrict access to the agent port (default 5015) using an allowlist approach.
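The allowlist limits who can reach the endpoint; the underlying flaw described above is a `filename` value that is used without path validation. The following is an added example of that validation, not Avid's code: the function names, the log directory layout, and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_log_path(log_dir: str, filename: str) -> str:
    # Unsafe pattern (illustrative): os.path.join discards log_dir when
    # filename is absolute, and "../" segments walk out of it.
    return os.path.join(log_dir, filename)


def safe_log_path(log_dir: str, filename: str) -> Path:
    """Return the resolved path only if it is a regular file under log_dir."""
    if not filename or "\x00" in filename:
        raise ValueError("empty name or NUL byte")
    base = Path(log_dir).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so the containment
    # check below runs on the real location of the file.
    candidate = (base / filename).resolve(strict=False)
    if base not in candidate.parents:
        raise ValueError(f"outside log directory: {filename!r}")
    if not candidate.is_file():
        raise ValueError(f"not a regular file: {filename!r}")
    return candidate


def demo() -> dict:
    """Run constructed inputs against a temporary (hypothetical) log directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        log_dir = Path(tmp) / "logs"
        log_dir.mkdir()
        (log_dir / "agent.log").write_text("constructed sample\n")
        (Path(tmp) / "secret.txt").write_text("outside\n")
        os.symlink(Path(tmp) / "secret.txt", log_dir / "link.log")
        for name in ["agent.log", "/etc/shadow", "../secret.txt", "link.log"]:
            try:
                safe_log_path(str(log_dir), name)
                results[name] = "allowed"
            except ValueError:
                results[name] = "rejected"
        results["naive:/etc/shadow"] = naive_log_path(str(log_dir), "/etc/shadow")
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name!r}: {verdict}")
```

Only the plain log name is allowed; the absolute path, the parent-directory reference, and the symlink that points outside the directory are all rejected, while the naive join returns `/etc/shadow` unchanged.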
