Drivebyte

Name of the Vulnerable Software and Affected Versions: Avid NEXIS E-series versions prior to 2025.5.1 Avid NEXIS F-series versions prior to 2025.5.1 Avid NEXIS PRO+ versions prior to 2025.5.1 System Director Appliance (SDA+) versions prior to 2025.5.1 Description: The application is susceptible to an unauthenticated arbitrary file read issue. The `filename` parameter does not properly validate file paths, allowing unauthorized users to read arbitrary files. Because the application operates with elevated privileges (root/NT AUTHORITY SYSTEM), attackers can potentially access sensitive information. Recommendations: Avid NEXIS E-series versions prior to 2025.5.1: Upgrade to version 2025.5.1 or later. Avid NEXIS F-series versions prior to 2025.5.1: Upgrade to version 2025.5.1 or later. Avid NEXIS PRO+ versions prior to 2025.5.1: Upgrade to version 2025.5.1 or later. System Director Appliance (SDA+) versions prior to 2025.5.1: Upgrade to version 2025.5.1 or later.

Name of the Vulnerable Software and Affected Versions: Avid NEXIS E-series versions prior to 2025.5.1 Avid NEXIS F-series versions prior to 2025.5.1 Avid NEXIS PRO+ versions prior to 2025.5.1 System Director Appliance (SDA+) versions prior to 2025.5.1 Description: The application is susceptible to an authenticated Arbitrary File Deletion. Because the application operates with elevated privileges (root/NT AUTHORITY SYSTEM) by default, attackers may exploit this to delete critical files. Recommendations: Avid NEXIS E-series: Update to version 2025.5.1 or later. Avid NEXIS F-series: Update to version 2025.5.1 or later. Avid NEXIS PRO+: Update to version 2025.5.1 or later. System Director Appliance (SDA+): Update to version 2025.5.1 or later.

Name of the Vulnerable Software and Affected Versions: Avid NEXIS E-series versions prior to 2025.5.1 Avid NEXIS F-series versions prior to 2025.5.1 Avid NEXIS PRO+ versions prior to 2025.5.1 System Director Appliance (SDA+) versions prior to 2025.5.1 Description: The Avid Nexis Agent uses a vulnerable gSOAP version. A vulnerability in gSOAP v2.8 allows for an Unauthenticated Path Traversal. Recommendations: Update Avid NEXIS E-series to version 2025.5.1 or later. Update Avid NEXIS F-series to version 2025.5.1 or later. Update Avid NEXIS PRO+ to version 2025.5.1 or later. Update System Director Appliance (SDA+) to version 2025.5.1 or later.

Name of the Vulnerable Software and Affected Versions: Avid NEXIS E-series versions prior to 2024.6.0 Avid NEXIS F-series versions prior to 2024.6.0 Avid NEXIS PRO+ versions prior to 2024.6.0 System Director Appliance (SDA+) versions prior to 2024.6.0 Description: The issue is related to an Improper Input Validation vulnerability in Avid products on Linux, allowing code execution on the underlying operating system with root permissions. Recommendations: Update Avid NEXIS E-series to version 2024.6.0 or later Update Avid NEXIS F-series to version 2024.6.0 or later Update Avid NEXIS PRO+ to version 2024.6.0 or later Update System Director Appliance (SDA+) to version 2024.6.0 or later