All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin
Title: All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin
Advisory ID: ZSL-2020-5576
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (2/5)
Release Date: 31.07.2020
Microsoft Windows Server 2019
Microsoft Windows Server 2016
Microsoft Windows Server 2012
Microsoft Windows 10
GNU/Linux
Apache
PHP
[24.07.2020] Vendor contacted.
[24.07.2020] Vendor creates Ticket#2020072410000011.
[27.07.2020] Vendor responds asking more details.
[27.07.2020] Sent details to the vendor.
[29.07.2020] Vendor confirms the issue scheduling new fixed version release.
[29.07.2020] Replied to the vendor.
[31.07.2020] Vendor releases version 2.0.3 (Build 2102) that addresses this issue.
[31.07.2020] Coordinated public security advisory release.
[2] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5577.php
[3] https://packetstormsecurity.com/files/158701
[4] https://www.exploit-db.com/exploits/48736
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/186430
[14.08.2020] - Added reference [3], [4] and [5]
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2020-5576
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (2/5)
Release Date: 31.07.2020
Summary
Bring communication with your customers, guests or employees to a new level. You can design content individually and uncomplicated centrally and simply present it in different locations. Whether on large displays, steles, digital signs or on a projector, with enlogic:show your content will appear on the selected display in a calendar-controlled and precise manner.Description
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.Vendor
All-Dynamics Software GmbH - https://www.all-dynamics.deAffected Version
2.0.2 (Build 2098) ILP32W 0/1/3/1597919619Tested On
enlogic:show serverMicrosoft Windows Server 2019
Microsoft Windows Server 2016
Microsoft Windows Server 2012
Microsoft Windows 10
GNU/Linux
Apache
PHP
Vendor Status
[21.07.2020] Vulnerability discovered.[24.07.2020] Vendor contacted.
[24.07.2020] Vendor creates Ticket#2020072410000011.
[27.07.2020] Vendor responds asking more details.
[27.07.2020] Sent details to the vendor.
[29.07.2020] Vendor confirms the issue scheduling new fixed version release.
[29.07.2020] Replied to the vendor.
[31.07.2020] Vendor releases version 2.0.3 (Build 2102) that addresses this issue.
[31.07.2020] Coordinated public security advisory release.
PoC
enlogic_csrf.htmlCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://www.enlogic-show.com/support/changelog/news/2_0_3.html[2] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5577.php
[3] https://packetstormsecurity.com/files/158701
[4] https://www.exploit-db.com/exploits/48736
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/186430
Changelog
[31.07.2020] - Initial release[14.08.2020] - Added reference [3], [4] and [5]
Contact
Zero Science LabWeb: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk