
All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin

Risk: Low
Advisory ID: ZSL-2020-5576
Release Date: 31 July 2020
Vendor: All-Dynamics Software GmbH - https://www.all-dynamics.de
Affected Version: 2.0.2 (Build 2098) ILP32W 0/1/3/1597919619
CVE: N/A
Tested On: enlogic:show server, Microsoft Windows Server 2019, Microsoft Windows Server 2016, Microsoft Windows Server 2012, Microsoft Windows 10, GNU/Linux, Apache, PHP
Summary

Bring communication with your customers, guests or employees to a new level. Content can be designed individually and centrally without complication, and presented simply in different locations. Whether on large displays, steles, digital signs or a projector, with enlogic:show your content appears on the selected display precisely and on a calendar-controlled schedule.

Description

The web interface accepts state-changing HTTP requests without any check that the request was intentionally initiated by the user from the application itself (for example an anti-CSRF token bound to the session); the session cookie the browser sends automatically is the only thing that authorizes the action. This is a cross-site request forgery (CSRF) issue: an attacker who gets a logged-in administrator to visit a malicious web page can have the victim's browser submit such a request and perform actions with administrative privileges, including adding a new administrator account.
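The following is an added example, not code from the advisory or from the enlogic:show product: a minimal Python model of an "add admin" handler in the vulnerable shape the description refers to (the session cookie is the only check) beside a hardened version that adds an Origin/Referer check and a per-session synchronizer token. The parameter names (username, password, csrf_token), the origin https://signage.example and the request layout are assumptions for illustration; the advisory does not publish the real endpoint or parameters.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumed application origin; the real host name is not given in the advisory.
APP_ORIGIN = "https://signage.example"


@dataclass
class Session:
    """Server-side session state that the session cookie resolves to."""
    user: str
    role: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    """The parts of an HTTP request the handlers look at. `session` is the
    session the browser's cookie resolves to; browsers attach that cookie to
    cross-site form posts as well, which is what makes CSRF work."""
    method: str
    form: dict
    headers: dict
    session: Session


def same_origin(req: Request) -> bool:
    """Compare scheme and host of Origin (Referer as fallback) with APP_ORIGIN.
    Exact comparison, not a prefix match, so a look-alike host such as
    https://signage.example.attacker.example is rejected."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False  # no provenance information: refuse state changes
    got, want = urlparse(src), urlparse(APP_ORIGIN)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def add_admin_vulnerable(req: Request, users: dict) -> int:
    """The flaw class in the advisory: only the session (cookie) and role are
    checked, so any page the admin visits can submit this form on their behalf."""
    if req.method != "POST" or req.session.role != "admin":
        return 403
    users[req.form["username"]] = {"password": req.form["password"], "role": "admin"}
    return 200


def add_admin_hardened(req: Request, users: dict) -> int:
    """Same action with two independent CSRF defences: an origin check and a
    per-session synchronizer token that a cross-site page cannot read."""
    if req.method != "POST" or req.session.role != "admin":
        return 403
    if not same_origin(req):
        return 403
    token = req.form.get("csrf_token", "")
    # Constant-time comparison on bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(token.encode(), req.session.csrf_token.encode()):
        return 403
    users[req.form["username"]] = {"password": req.form["password"], "role": "admin"}
    return 200


def simulate() -> dict:
    """Replay one legitimate and two forged requests against both handlers."""
    admin_session = Session(user="admin", role="admin")

    # Constructed: the real admin submits the form from the application itself.
    legit = Request(
        method="POST",
        form={"username": "backup-admin", "password": "s3cret",
              "csrf_token": admin_session.csrf_token},
        headers={"Origin": APP_ORIGIN},
        session=admin_session,
    )
    # Constructed: auto-submitting form on attacker.example. The browser attaches
    # the admin's cookie, but the attacker cannot know the session's token.
    forged = Request(
        method="POST",
        form={"username": "evil", "password": "pwned"},
        headers={"Origin": "https://attacker.example"},
        session=admin_session,
    )
    # Constructed: same attack from a host chosen to defeat a prefix-based origin check.
    lookalike = Request(
        method="POST",
        form={"username": "evil2", "password": "pwned"},
        headers={"Origin": "https://signage.example.attacker.example"},
        session=admin_session,
    )

    results = {}
    for name, handler in (("vulnerable", add_admin_vulnerable),
                          ("hardened", add_admin_hardened)):
        users = {}
        results[name] = {
            "legit": handler(legit, users),
            "forged": handler(forged, users),
            "lookalike": handler(lookalike, users),
            "users_created": sorted(users),
        }
    return results


if __name__ == "__main__":
    for name, r in simulate().items():
        print(f"{name:10s} legit={r['legit']} forged={r['forged']} "
              f"lookalike={r['lookalike']} users={r['users_created']}")
```

Run it directly to see both handlers accept the legitimate request while only the vulnerable one also creates the attacker's accounts. The token check alone would already stop the forged requests; the origin check is a second, independent line of defence, and it must compare scheme and host exactly rather than by prefix.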

Proof of Concept
Disclosure Timeline
21.07.2020 Vulnerability discovered.
24.07.2020 Vendor contacted.
24.07.2020 Vendor creates Ticket#2020072410000011.
27.07.2020 Vendor responds asking for more details.
27.07.2020 Sent details to the vendor.
29.07.2020 Vendor confirms the issue and schedules a new fixed version release.
29.07.2020 Replied to the vendor.
31.07.2020 Vendor releases version 2.0.3 (Build 2102) that addresses this issue.
31.07.2020 Coordinated public security advisory release.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
31.07.2020 Initial release
14.08.2020 Added references [3], [4] and [5]