Neoscreen 4.5 Authentication Bypass

2016.07.26
Credit: Alex Haynes
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-592

Exploit Title: Neoscreen v4.5 Authentication bypass
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Authentication Bypass Issues [CWE-592]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------
Vendor: Cube Digital Media
Product & Version: Neoscreen digital signage software v4.5
Vendor URL & Download: http://www.cube-display.fr
Product Description: "Neoscreen is an innovative, scalable and particularly powerful communication system. With just a few clicks, you can control all your dynamic display screens from your PC, wherever they may be in the world."

(2) Vulnerability Details:
--------------------------
Several URLs of the Neoscreen admin interface do not perform session checks correctly. This allows authentication bypass: any user can access admin functions without logging in.

Proof of concept:
Any of the following URLs gives access to the admin interface of the Neoscreen software, including admin functions that (among other things) allow the user to shut down the screen completely or wipe the database.

http://neoscreen/cubelocal/admin/shutdownMachine.asp
http://neoscreen/cubelocal/admin/stabilityControl.asp
http://neoscreen/cubelocal/modules/neoscreen/messages/basevide.asp
http://neoscreen/cubelocal/classe/index.asp

(3) Advisory Timeline:
----------------------
25/01/2016 - First Contact: vendor responds saying they are working on fix
24/02/2016 - Follow up e-mail to request fix timeline. No vendor response.
03/03/2016 - Follow up e-mail to request fix timeline.
04/03/2016 - Vendor responds saying fix will be available 14/03/2016.

(4) Solution:
-------------
Upgrade to version 5 will fix this vulnerability.

(5) Credits:
------------
Discovered by Alex Haynes
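Detection example (added here, not part of the original advisory or the vendor's code): until a player is upgraded, the web server's access log can be reviewed for requests to the four admin pages listed above that come from outside the expected administration network. The W3C extended log format, the ADMIN_NETS range and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress

# Admin pages named in the advisory, lower-cased for case-insensitive matching.
SENSITIVE_PATHS = {
    "/cubelocal/admin/shutdownmachine.asp",
    "/cubelocal/admin/stabilitycontrol.asp",
    "/cubelocal/modules/neoscreen/messages/basevide.asp",
    "/cubelocal/classe/index.asp",
}

# Assumption: the only network from which administration is expected.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample log (W3C extended format, documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2016-03-01 09:12:44 10.20.0.15 GET /cubelocal/admin/stabilityControl.asp 200
2016-03-01 09:30:02 192.0.2.77 GET /cubelocal/admin/shutdownMachine.asp 200
2016-03-01 09:30:09 192.0.2.77 GET /cubelocal/CLASSE/index.asp 200
2016-03-01 09:31:00 198.51.100.4 GET /cubelocal/admin/shutdownMachine.asp 302
2016-03-01 09:32:10 192.0.2.77 GET /cubelocal/default.asp 200
"""

def find_suspect_admin_hits(log_text):
    """Return (client_ip, path, status, served) for each request to a listed
    admin page from outside ADMIN_NETS; served is True for a 2xx response."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is set by the log itself
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                       # other directives or malformed rows
        rec = dict(zip(fields, parts))
        path = rec.get("cs-uri-stem", "").lower()
        status = rec.get("sc-status", "")
        if path not in SENSITIVE_PATHS:
            continue
        try:
            ip = ipaddress.ip_address(rec.get("c-ip", ""))
        except ValueError:
            continue                       # missing or unparsable client address
        if any(ip in net for net in ADMIN_NETS):
            continue                       # expected admin workstation
        hits.append((str(ip), path, status, status.startswith("2")))
    return hits
```

A hit with served set to True means the page was delivered to a client outside the admin network, which on an unpatched version requires no login.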

