CVE-2020-36924

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

CVSS 5.3 MEDIUMEPSS 0.5%CWE-829

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Produtos afetados

Pro-Bravia · Sony BRAVIA Digital Signage

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cxsecurity.com/issue/WLB-2020120030 https://exchange.xforce.ibmcloud.com/vulnerabilities/192605 https://packetstorm.news/files/id/160345 https://pro-bravia.sony.net https://pro-bravia.sony.net/resources/software/bravia-signage/https://pro.sony/ue_US/products/display-software https://www.exploit-db.com/exploits/49186 https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-remote-file-inclusion https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5612.php