CVE-2020-36884 Scanner - Server-Side Request Forgery (SSRF) vulnerability in BrightSign Digital Signage
BrightSign Digital Signage is a widely used platform for digital signage solutions. It offers robust media players designed for commercial displays to show graphics, videos, and web pages. BrightSign solutions are used by businesses for advertising and marketing purposes, in settings ranging from retail to educational institutions. They provide a comprehensive suite of tools for content creation, scheduling, and network management, making them a popular choice for digital signage needs. The system is designed to be user-friendly while offering extensive features for a broad range of digital signage applications. BrightSign aims to make digital signage accessible and efficient for both novice and experienced users.
The Server-Side Request Forgery (SSRF) vulnerability affects the Diagnostic Web Server (DWS) component of BrightSign Digital Signage. SSRF vulnerabilities allow attackers to make the server send unauthorized requests on their behalf, potentially compromising other services on the local network or reaching internal domains. In this specific case, the application processes user input in the 'url' GET parameter to form diagnostic requests, which might allow an attacker to manipulate that input so that the device makes malicious requests. Unchecked SSRF could lead to unauthorized access to sensitive information or services.
The vulnerability is present in the speed test functionality of BrightSign Digital Signage. The 'url' parameter in the GET request is susceptible to manipulation, allowing an attacker to send crafted requests to arbitrary URLs. The misuse of this parameter in constructing the diagnostic request's URL is at the core of the issue. Exploitation requires only basic network access and can be carried out by a remote attacker without authentication. How effective exploitation is depends on the server's network configuration and isolation.
Exploitation of this SSRF vulnerability might have several effects, including unauthorized internal network scanning and potential data exfiltration. Malicious actors could gain access to sensitive intra-network resources or systems that aren't exposed to the public internet. Unauthorized transactions and execution of commands on these systems are possible if vulnerable services are present. Additionally, exploitation might allow the attacker to gather sensitive information or even access restricted internal data. This could pose a significant threat to network security and confidentiality.