CVE-2017-14143

CRITICAL

Kaltura <13.2.0 - Code Injection

Title source: llm

Description

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/43876

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Robin Verton <[email protected]>, Mehmet Ince <[email protected]> · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/kaltura_unserialize_cookie_rce.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Robin Verton · pythonwebappsphp

https://www.exploit-db.com/exploits/43028

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100976

[Third Party Advisory] https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682

[Exploit, Third Party Advisory] https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/43028/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/43876/

Scores

CVSS v3 9.8

EPSS 0.7745

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-798

Status draft

Affected Products (1)

kaltura/kaltura_server < mercury-13.1.0

Timeline

Published Sep 19, 2017

Tracked Since Feb 18, 2026