← Advisories

VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution

High

Advisory ID

ZSL-2018-5455

Release Date

31 March 2018

Vendor

VideoFlow Ltd. - http://www.video-flow.com

Affected Version

2.10 (X-Prototype-Version: 1.6.0.2), System = Indicate if the DVP is configured as Protector, Sentinel or Fortress, Version = The Operating System SW version number, Image version = Production Image version, System: DVP Protector, Version: 1.40.0.15(R) May 5 2015 05:27:05, Image version: 3.07i, System: DVP Protector, Version: 1.40.0.15(R) May 5 2015 05:27:05, Image version: 2.08, System: DVP Fortress, Version: 2.10.0.5(R) Jan 7 2018 03:26:35, Image version: 3.07

CVE

CVE-2019-25255

Tested On

CentOS release 5.6 (Final) (2.6.18-238.12.1.el5), CentOS release 5.10 (Final) (2.6.18-371.el5), ConfD

Summary

VideoFlow's Digital Video Protection (DVP) product is used by leading companies worldwide to boost the reliability of IP networks, including the public Internet, for professional live broadcast. DVP enables broadcast companies to confidently contribute and distribute live video over IP with unprecedented levels of service continuity, at a fraction of the cost of leased lines or satellite links. It accelerates ROI by reducing operational costs and enabling new revenue streams across a wide variety of markets.

Description

The affected device suffers from authenticated remote code execution vulnerability. Including a CSRF, a remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.

Proof of Concept

videoflow_root.txtTXT

Disclosure Timeline

01.02.2018Vulnerability discovered.

05.03.2018Vendor contacted.

30.03.2018No response from the vendor.

31.03.2018Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://cxsecurity.com/issue/WLB-2018030269

[2]https://www.exploit-db.com/exploits/44387/