CVE-2021-32545
📋 TL;DR
This vulnerability in Pexip Infinity allows remote attackers to cause denial of service by sending specially crafted RTMP input to unpatched systems. It affects all Pexip Infinity deployments before version 26 that have RTMP enabled. The lack of input validation means malicious RTMP streams can crash or degrade system performance.
💻 Affected Systems
- Pexip Infinity
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of Pexip Infinity platform, making video conferencing and collaboration services unavailable to all users.
Likely Case
Service degradation or temporary outages affecting video conferencing sessions, potentially requiring manual intervention to restore service.
If Mitigated
Minimal impact with proper network segmentation and monitoring, though some service degradation might still occur during attack attempts.
🎯 Exploit Status
Exploitation requires sending malicious RTMP traffic to vulnerable endpoints. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 26 or later
Vendor Advisory: https://docs.pexip.com/admin/security_bulletins.htm
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Download Pexip Infinity version 26 or later from the Pexip support portal.
3. Follow the Pexip upgrade procedures for your deployment type (appliance or virtual).
4. Apply the update through the management interface.
5. Restart services as required.
🔧 Temporary Workarounds
Disable RTMP Input
Disable RTMP protocol support if not required for your deployment
Configure through Pexip Management Node web interface: System > Conferencing Nodes > select node > disable RTMP
Network Segmentation
Restrict RTMP traffic to trusted sources only
Configure firewall rules to only allow RTMP (TCP 1935) from authorized sources
🧯 If You Can't Patch
- Implement strict network ACLs to limit RTMP traffic to trusted sources only
- Deploy network-based intrusion prevention systems to detect and block malicious RTMP traffic patterns
🔍 How to Verify
Check if Vulnerable:
Check the Pexip Infinity version via the Management Node web interface: System > About. If the version is below 26, the system is vulnerable.
Check Version:
SSH to the Management Node and run: pexip --version
Verify Fix Applied:
After upgrade, verify version is 26 or higher in System > About. Test RTMP functionality with legitimate streams.
📡 Detection & Monitoring
Log Indicators:
- Unusual RTMP connection attempts
- Service restart logs
- High CPU/memory usage alerts
- Conference node crash logs
Network Indicators:
- Abnormal RTMP traffic patterns
- Multiple RTMP connection attempts from single source
- Malformed RTMP packets
SIEM Query:
source="pexip" AND ("RTMP" OR "1935") AND ("error" OR "crash" OR "restart")
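An added example (not from the vendor advisory or Pexip's tooling) of auditing connection records for two of the network indicators above: RTMP connections from outside the authorized sources, and multiple attempts from a single source. The record layout, trusted network, window and threshold are assumptions; the script does not parse Pexip's own logs.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

RTMP_PORT = 1935
# Assumed policy values: set these to your authorized RTMP sources and tuning.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
WINDOW = timedelta(seconds=60)
MAX_ATTEMPTS = 3  # more than this many connections per source per window is flagged

# Constructed sample records in a generic "<ISO time> <src_ip> <dst_port>" layout,
# e.g. a firewall or flow export. This is not Pexip's log format.
SAMPLE_LOG = """\
2021-06-01T10:00:00 10.20.0.15 1935
2021-06-01T10:00:01 198.51.100.9 1935
2021-06-01T10:00:02 203.0.113.7 443
2021-06-01T10:00:05 203.0.113.7 1935
2021-06-01T10:00:06 203.0.113.7 1935
2021-06-01T10:00:07 203.0.113.7 1935
2021-06-01T10:00:08 203.0.113.7 1935
truncated-record
"""

def analyze(log_text):
    """Return (untrusted_sources, bursty_sources) seen on the RTMP port."""
    untrusted, bursty = set(), set()
    recent = defaultdict(deque)  # source -> timestamps inside the sliding window
    for line in log_text.splitlines():
        try:
            ts_raw, src_raw, port_raw = line.split()
            ts = datetime.fromisoformat(ts_raw)
            src = ipaddress.ip_address(src_raw)
            port = int(port_raw)
        except ValueError:
            continue  # skip blank or malformed records instead of aborting the audit
        if port != RTMP_PORT:
            continue
        if not any(src in net for net in TRUSTED_NETS):
            untrusted.add(str(src))
        window = recent[src]
        window.append(ts)
        while ts - window[0] > WINDOW:
            window.popleft()  # drop attempts older than the window
        if len(window) > MAX_ATTEMPTS:
            bursty.add(str(src))
    return sorted(untrusted), sorted(bursty)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```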