← Advisories

Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration

Medium

Advisory ID

ZSL-2023-5781

Release Date

07 July 2023

Vendor

Ateme - https://www.ateme.com

Affected Version

3.9.12.4, 3.9.11.0, 3.9.9.2, 3.9.8.0

CVE

N/A

Tested On

Microsoft Windows, NodeJS, Ateme KFE Software

Summary

TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD, PostProduction, Playout and Archive applications. TITAN File is based on ATEME 5th Generation STREAM compression engine and delivers the highest video quality at minimum bitrates with accelerated parallel processing.

Description

Authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Titan File video transcoding software. The application parses user supplied data in the job callback url GET parameter. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP/DNS/File request to an arbitrary destination. This can be used by an external attacker for example to bypass firewalls and initiate a service, file and network enumeration on the internal network through the affected application.

Proof of Concept

ateme_ssrf.txtTXT

Disclosure Timeline

22.04.2023Vulnerability discovered.

23.04.2023Vendor contacted.

06.07.2023No response from the vendor.

07.07.2023Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://www.exploit-db.com/exploits/51582

[2]https://packetstormsecurity.com/files/173384/

[3]https://cxsecurity.com/issue/WLB-2023070029

[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/263694

Changelog

07.07.2023Initial release

26.07.2023Added reference [1], [2] and [3]

31.08.2023Added reference [4]