CVE-2024-37917
📋 TL;DR
CVE-2024-37917 is an improper input validation vulnerability in Pexip Infinity video conferencing software that allows remote attackers to cause a denial of service (software crash) by sending specially crafted signaling messages. This affects all Pexip Infinity deployments running versions before 35.0. The vulnerability requires network access to the Pexip Infinity signaling interface.
💻 Affected Systems
- Pexip Infinity
📦 What is this software?
Pexip Infinity is a self-hosted video conferencing platform (deployable on-premises or in a cloud tenant) that terminates SIP, H.323 and WebRTC signaling on its Conferencing Nodes and is configured and upgraded from a central Management Node. The signaling interface of each Conferencing Node is the attack surface for this CVE.
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of Pexip Infinity conferencing services, rendering video meetings and collaboration tools unavailable until manual restart.
Likely Case
Targeted DoS attacks causing service interruptions for specific conferences or meeting rooms, requiring administrator intervention to restore functionality.
If Mitigated
Limited impact with proper network segmentation and monitoring, allowing quick detection and isolation of attack traffic.
🎯 Exploit Status
No public proof-of-concept is referenced here. The flaw sits in the signaling message parser, so the only prerequisite is the ability to deliver a crafted SIP or H.323 message to a Conferencing Node's signaling interface; once the protocol framing is understood, producing a triggering message is not difficult, and a denial of service needs no further foothold. Treat exploitation as feasible for any attacker who can reach the signaling ports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 35.0 or later
Vendor Advisory: https://docs.pexip.com/admin/security_bulletins.htm
Restart Required: Yes
Instructions:
1. Back up the current configuration (take a Management Node backup and, for virtualized nodes, snapshots before you start).
2. Download the Pexip Infinity 35.0 or later upgrade package from the Pexip support portal.
3. Apply the upgrade from the Management Node following Pexip's documented upgrade procedure; the Management Node upgrades first and then rolls the upgrade out to the Conferencing Nodes.
4. Let the nodes reboot as part of the upgrade (a restart is required).
5. Verify the version on every node and place test SIP, H.323 and WebRTC calls before returning the platform to service.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to the Pexip Infinity signaling ports (TCP 443, 5060-5061 and 7443; add TCP 1720 if H.323 is enabled and UDP 5060 if SIP over UDP is enabled) to trusted networks only. Pexip nodes are vendor-managed appliances, so place these rules on the upstream firewall or the hypervisor host rather than editing the node itself. 192.0.2.0/24 below stands in for your trusted range:
```bash
# Accept signaling from the trusted range, then drop the same ports from everyone else
iptables -A INPUT -p tcp -m multiport --dports 443,5060,5061,7443 -s 192.0.2.0/24 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 443,5060,5061,7443 -j DROP
```
Rate Limiting
Limit the rate of new signaling connections per source to slow repeated attempts. The plain limit module counts globally, so one noisy peer would throttle every caller; hashlimit keyed on source IP is the right tool, and the ACCEPT needs a matching DROP or it has no effect. A single crafted message may be enough to crash the service, so this slows an attacker down but is not a substitute for the patch:
```bash
# Allow up to 10 new signaling connections per minute (burst 20) per source IP; drop the excess
iptables -A INPUT -p tcp -m multiport --dports 5060,5061 -m conntrack --ctstate NEW -m hashlimit --hashlimit-name pexip-sig --hashlimit-mode srcip --hashlimit-upto 10/minute --hashlimit-burst 20 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 5060,5061 -m conntrack --ctstate NEW -j DROP
```
🧯 If You Can't Patch
- Implement strict network ACLs to limit signaling interface access to required IP ranges only.
- Deploy intrusion prevention systems (IPS) with custom rules to detect and block malformed signaling messages.
🔍 How to Verify
Check if Vulnerable:
The authoritative check is the software version shown in the Management Node's administrator web interface; any node reporting a version below 35.0 is affected. Where shell access is enabled for the admin account you can also read it over SSH ('pexip --version' or /opt/pexip/share/version.txt); the command and path depend on the release, so confirm the result against the web interface.
Check Version:
ssh admin@pexip-host "cat /opt/pexip/share/version.txt"
Verify Fix Applied:
Confirm the version is 35.0 or later on the Management Node and on every Conferencing Node (an interrupted upgrade can leave nodes on mixed versions), then place test SIP, H.323 and WebRTC calls to confirm signaling works end to end.
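As an added worked check, not part of this page or of Pexip's tooling, the following Python compares a reported version string against the fixed release numerically; a plain string comparison would rank 9.1 above 35.0. The version string formats it accepts (a dotted number, optionally surrounded by product text) are an assumption about what the Management Node reports, not Pexip's documented output.

```python
"""Added example (not Pexip's code): is a reported Pexip Infinity version
below the fixed release, 35.0? Numeric tuple comparison avoids the
lexicographic trap where "9.1" sorts after "35.0".
"""
import re

FIXED_VERSION = (35, 0)          # first release that fixes CVE-2024-37917
# Assumption: the version appears as a dotted number somewhere in the text.
VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")


def parse_version(text):
    """Extract the first dotted numeric version from text as a tuple of ints."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version_text):
    """True when the reported version is strictly below 35.0."""
    v = parse_version(version_text)
    # Pad both tuples so that (35,) and (35, 0) compare as equal.
    n = max(len(v), len(FIXED_VERSION))
    v = v + (0,) * (n - len(v))
    fixed = FIXED_VERSION + (0,) * (n - len(FIXED_VERSION))
    return v < fixed


if __name__ == "__main__":
    # Constructed sample strings, not real Management Node output.
    for sample in ("34.2", "35.0", "Pexip Infinity v36.0.1 (build 7)", "9.1"):
        print(f"{sample!r}: vulnerable={is_vulnerable(sample)}")
```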
📡 Detection & Monitoring
Log Indicators:
- Unexpected service restarts in the node logs (/var/log/pexip/*.log on the node, or the syslog feed if the nodes forward to an external syslog server)
- Abnormal termination messages in system logs
- High volume of malformed SIP/H.323 messages
Network Indicators:
- Unusual spike in signaling traffic to Pexip ports
- Malformed SIP/H.323 packets from single sources
- Repeated connection attempts with invalid message formats
SIEM Query:
source="pexip_logs" AND (
    ("abort" OR "crash" OR "unexpected termination")
    OR (dest_port IN (443, 5060, 5061, 7443) AND protocol="TCP" AND bytes<100)
)
The parentheses matter: without them the OR binds the crash terms to the unfiltered port match and the query returns every small TCP packet to those ports regardless of source. bytes<100 on its own is noisy; follow it with a count by source IP over a short window and alert only on sources well above the normal rate, and correlate any crash or restart line with the sources active in the minute before it.
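The log and network indicators above describe two signals: per-source bursts of malformed signaling messages, and crashes or restarts that follow them. The following Python is an added example, not Pexip's code or part of the original page, showing the detection logic run over constructed sample log lines. The line format (timestamp, host, process, free-text message with a "from IP:port" clause) and the keywords for malformed, crash and restart events are assumptions; adjust the regexes to the format of your forwarded Pexip syslog.

```python
"""Added example (not Pexip's code): flag per-source bursts of malformed
signaling messages and correlate them with service crashes/restarts.

Assumptions: syslog-style lines "<ts> <host> <proc>: <message>", a "from
IP:port" clause on signaling events, and keywords such as "malformed",
"parse error", "abort" or "restarting". Adjust to your real log format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, not real Pexip output.
SAMPLE_LOGS = """\
2024-07-01T10:00:01Z conf-node1 sip: parse error in INVITE from 203.0.113.5:5060
2024-07-01T10:00:02Z conf-node1 sip: parse error in INVITE from 203.0.113.5:5060
2024-07-01T10:00:02Z conf-node1 h323: malformed Setup from 203.0.113.5:1720
2024-07-01T10:00:03Z conf-node1 sip: parse error in INVITE from 203.0.113.5:5060
2024-07-01T10:00:03Z conf-node1 sip: parse error in INVITE from 203.0.113.5:5060
2024-07-01T10:00:04Z conf-node1 sip: INVITE from 198.51.100.7:5060 accepted
2024-07-01T10:00:05Z conf-node1 sip: parse error in INVITE from 203.0.113.5:5060
2024-07-01T10:00:09Z conf-node1 supervisor: signaling process abort (core dumped)
2024-07-01T10:00:12Z conf-node1 supervisor: restarting signaling process
2024-07-01T10:30:00Z conf-node1 sip: parse error in REGISTER from 192.0.2.9:5060
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<proc>[\w-]+):\s+(?P<msg>.*)$")
SRC_RE = re.compile(r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+")
MALFORMED_RE = re.compile(r"malformed|parse error|invalid message", re.I)
CRASH_RE = re.compile(r"\babort\b|crash|core dumped|unexpected termination", re.I)
RESTART_RE = re.compile(r"restarting|service start", re.I)


def parse(log_text):
    """Turn raw lines into event dicts with timestamp, source IP and flags."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        src = SRC_RE.search(m["msg"])
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": m["host"], "proc": m["proc"], "msg": m["msg"],
            "src": src["ip"] if src else None,
            "malformed": bool(MALFORMED_RE.search(m["msg"])),
            "crash": bool(CRASH_RE.search(m["msg"])),
            "restart": bool(RESTART_RE.search(m["msg"])),
        })
    return events


def malformed_bursts(events, threshold=5, window=timedelta(seconds=10)):
    """Return {src_ip: peak_count} for sources that sent at least `threshold`
    malformed signaling messages inside any sliding `window`."""
    per_src = defaultdict(list)
    for e in events:
        if e["malformed"] and e["src"]:
            per_src[e["src"]].append(e["ts"])
    offenders = {}
    for ip, times in per_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window forward
            count = end - start + 1
            if count >= threshold:
                offenders[ip] = max(offenders.get(ip, 0), count)
    return offenders


def crashes_after_bursts(events, offenders, lookahead=timedelta(seconds=60)):
    """Pair each crash/restart event with any offending source that sent
    malformed messages within `lookahead` before it."""
    hits = []
    for e in events:
        if not (e["crash"] or e["restart"]):
            continue
        for ip in offenders:
            recent = [x for x in events if x["src"] == ip and x["malformed"]
                      and timedelta(0) <= e["ts"] - x["ts"] <= lookahead]
            if recent:
                hits.append((e["ts"].isoformat(), e["msg"], ip))
    return hits


def analyze(log_text=SAMPLE_LOGS):
    events = parse(log_text)
    offenders = malformed_bursts(events)
    return offenders, crashes_after_bursts(events, offenders)


if __name__ == "__main__":
    offenders, hits = analyze()
    for ip, n in offenders.items():
        print(f"burst: {ip} sent {n} malformed signaling messages in one window")
    for ts, msg, ip in hits:
        print(f"{ts}: '{msg}' within 60s of a burst from {ip}")
```

The burst detector is a sliding window per source rather than a plain count, so a peer that sends a handful of bad messages over a day (a misbehaving but harmless endpoint) is not flagged, while a short flood is. The crash correlation is deliberately loose (any offender active in the preceding minute) because the node log will not name the message that killed the parser; the aim is to hand an analyst the candidate source, not to prove causation.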