CVE-2024-26293

Summary

The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.

Affected Software

VendorProductVersion RangeStatus
AvidAvid NEXIS E-series0 < 2025.5.1affected
AvidAvid NEXIS F-series0 < 2025.5.1affected
AvidAvid NEXIS PRO+0 < 2025.5.1affected
AvidSystem Director Appliance (SDA+)0 < 2025.5.1affected

Weaknesses

  • CWE-1395: CWE-1395: Dependency on Vulnerable Third-Party Component

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References