CVE-2024-26290

Summary

Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance (SDA+) on Linux allows code execution on underlying operating system with root permissions.This issue affects Avid NEXIS E-series: before 2024.6.0; Avid NEXIS F-series: before 2024.6.0; Avid NEXIS PRO+: before 2024.6.0; System Director Appliance (SDA+): before 2024.6.0.

Affected Software

VendorProductVersion RangeStatus
AvidAvid NEXIS E-series0 < 2024.6.0affected
AvidAvid NEXIS F-series0 < 2024.6.0affected
AvidAvid NEXIS PRO+0 < 2024.6.0affected
AvidSystem Director Appliance (SDA+)0 < 2024.6.0affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References