CVE Daily

CVE-2024-26291

An Unauthenticated Arbitrary File Read vulnerability affects the Agent when inst...

High CVSS 8.7

Overview

An Unauthenticated Arbitrary File Read vulnerability affects the
Agent when installed on a system. The parameter filename does not validate the
path thus allowing users to read arbitrary files. As
the application runs with the highest privileges (root/NT_AUTHORITY SYSTEM)
by default attackers are able to obtain sensitive information.

This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.

CWE: CWE-285 Published: 2025-07-14T09:15:23.250
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.7 (HIGH)
  • Detected tags: arb_read (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags