Avid NEXIS Unauthenticated Path Traversal Vulnerability

A path traversal vulnerability has been identified in the Avid NEXIS Agent, affecting versions prior to 2025.5.1 across all series (E, F, and PRO+), as well as the System Director Appliance (SDA+). The vulnerability arises from the use of an outdated gSOAP version, specifically gSOAP 2.8, which is known to be vulnerable to path traversal attacks. This flaw allows unauthenticated users to traverse directories and access arbitrary files on the server, potentially leading to the exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for unauthenticated path traversal, enabling attackers to read arbitrary files on the server. Given that the application runs with high privileges by default, this could include access to sensitive system files.

Reproduction

The vulnerability can be reproduced by sending a GET request to the '/agent' endpoint with a crafted 'filename' parameter that includes directory traversal sequences (such as '../') to navigate the file system and access restricted files. The response will include the contents of the requested file, demonstrating the successful exploitation of the path traversal vulnerability.

Remediation

Users are advised to update to Avid NEXIS version 2025.5.1 or later, where this vulnerability has been addressed. If an immediate update is not possible, consider restricting access to the Avid NEXIS Agent port (default 5015) using a firewall.