漏洞类别:CGI
漏洞等级: 
漏洞信息
Pexip Infinity is a video communications software that can be deployed on infrastructure of organizations in public, private or hybrid cloud environments.
Pexip Infinity is vulnerable to input validation failure vulnerabilities in multiple components which would allow remote attackers to cause a denial of service or execute arbitrary code as an unprivileged user on Pexip Infinity Nodes.
Affected Versions:
Pexip Infinity Prior to Versions 14.2
QID detection Logic (Unauthenticated):
The QID works by sending a HTTP GET static/help/content/admin/whats_new.htm request to the target and flags if it finds a vulnerable version in the response.
QID detection Logic (Authenticated):
The QID checks for vulnerable Pexip version in 'version.json' file in Pexip directory.
漏洞危害
Successful exploitation of the vulnerability allows remote attackers to cause a denial of service or execute arbitrary code as an unprivileged user.
解决方案
Customers are advised to install the latest version of Pexip Infinity from the Pexip Downloads page.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论