The severity is MEDIUM because while the system does use HMAC-SHA256 for authentication and prevents direct GPU passthrough, it relies on a single TCP port without encryption, which can be exploited by attackers to intercept or manipulate data.
The FFmpeg-over-IP system allows GPU-accelerated transcoding over a network but lacks proper authentication and encryption mechanisms to secure the TCP connection between client and server, potentially exposing sensitive data or allowing unauthorized access.
Affected Systems
- FFmpeg-over-IP server version <= 1.0
Affected Versions: all versions before 2.0
Remediation
- Update FFmpeg-over-IP to the latest version where encryption is enabled by default.
- Configure SSL/TLS for the TCP connection between client and server if updating is not possible.
- Ensure HMAC-SHA256 shared secrets are strong and regularly rotated.
Stack Impact
The impact affects services using FFmpeg-over-IP for transcoding, potentially impacting any application that relies on GPU-accelerated video processing over a network. No direct impact on nginx, docker, linux kernel, openssh, curl, openssl, python, or homelab components.