CVE-2024-26291

216.73.216.6

· Published 14/07/2025 09:15 · Modified 15/07/2025 13:14

Labels: CVE-2024-26291 2025-07-14 CVE-2024-26291 CWE-285 a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

Essential information

Published: 14/07/2025 09:15
Modified: 15/07/2025 13:14
Author: —
Creator: —
CVSS: 8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application runs with the highest privileges (root/NT_AUTHORITY SYSTEM) by default attackers are able to obtain sensitive information. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
NVD: View on NVD

Affected products (CPE)

Product	CPE
avid / nexis e series	`cpe:2.3:a:avid:nexis_e_series:<2025.5.1:::::::*`
avid / nexis f series	`cpe:2.3:a:avid:nexis_f_series:<2025.5.1:::::::*`
avid / nexis pro+	`cpe:2.3:a:avid:nexis_pro+:<2025.5.1:::::::*`
avid / system director appliance	`cpe:2.3:a:avid:system_director_appliance:<2025.5.1:::::::*`