CVE-2017-14143 : The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.

Published 2017-09-19 15:29:01

Updated 2018-01-27 02:29:02

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2017-14143

Kaltura » Kaltura Server
Versions up to, including, (<=) mercury-13.1.0
cpe:2.3:a:kaltura:kaltura_server:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-14143

EPSS FAQ

77.45%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2017-14143

Kaltura Remote PHP Code Execution over Cookie

Disclosure Date: 2017-09-12

First seen: 2020-04-26

exploit/linux/http/kaltura_unserialize_cookie_rce

This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hardcoded cookie secret which allows to sign

More information

CVSS scores for CVE-2017-14143

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-14143

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-14143

https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682

remove unsafe unserialize · kaltura/server@6a6d143 · GitHub
Third Party Advisory

CVEs referencing this url
https://www.exploit-db.com/exploits/43876/

Kaltura - Remote PHP Code Execution over Cookie (Metasploit)
https://www.exploit-db.com/exploits/43028/

Kaltura < 13.2.0 - Remote Code Execution
https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt

Exploit;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/100976

Kaltura Community Edition Multiple Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to