Elasticsearch Remote Command Execution Vuln on #Avid #MediaCentral - POC

Well since my office use Avid system as their broadcast system, i try to hack into the system and it works. Actually this vulnerability is not in Avid system but in Elasticsearch (CVE-2014-3120). This vulnerability affected Avid system and this is a high risk vulnerability. Avid still use vulnerable Elasticsearch application.

Here is the proof of concept.

Attacker can execute command to read files on server.

Here is the exploit to read files on servers.

Here is the metasploit screenshot how i got shell on Avid servers using ElasticSearch Dynamic Script Arbitrary Java Execution module.

Pwnd. :)

If people from Avid see this post, please fix this vulnerability ASAP. This system cost a lot of money.

Thank You!