← Advisories

B-swiss 3 Digital Signage System 3.6.5 Database Disclosure

High
Advisory ID
ZSL-2020-5588
Release Date
19 September 2020
Vendor
B-Swiss SARL, b-tween Sarl - https://www.b-swiss.com
Affected Version
3.6.5, 3.6.2, 3.6.1, 3.6.0, 3.5.80, 3.5.40, 3.5.20, 3.5.00, 3.2.00, 3.1.00
CVE
CVE-2020-22006
Tested On
Linux 5.3.0-46-generic x86_64, Linux 4.15.0-20-generic x86_64, Linux 4.9.78-xxxx-std-ipv6-64, Linux 4.7.0-040700-generic x86_64, Linux 4.2.0-27-generic x86_64, Linux 3.19.0-47-generic x86_64, Linux 2.6.32-5-amd64 x86_64, Darwin 17.6.0 root:xnu-4570.61.1~1 x86_64, macOS 10.13.5, Microsoft Windows 7 Business Edition SP1 i586, Apache/2.4.29 (Ubuntu), Apache/2.4.18 (Ubuntu), Apache/2.4.7 (Ubuntu), Apache/2.2.22 (Win64), Apache/2.4.18 (Ubuntu), Apache/2.2.16 (Debian), PHP/7.2.24-0ubuntu0.18.04.6, PHP/5.6.40-26+ubuntu18.04.1+deb.sury.org+1, PHP/5.6.33-1+ubuntu16.04.1+deb.sury.org+1, PHP/5.6.31, PHP/5.6.30-10+deb.sury.org~xenial+2, PHP/5.5.9-1ubuntu4.17, PHP/5.5.9-1ubuntu4.14, PHP/5.3.10, PHP/5.3.13, PHP/5.3.3-7+squeeze16, PHP/5.3.3-7+squeeze17, MySQL/5.5.49, MySQL/5.5.47, MySQL/5.5.40, MySQL/5.5.30, MySQL/5.1.66, MySQL/5.1.49, MySQL/5.0.77, MySQL/5.0.12-dev, MySQL/5.0.11-dev, MySQL/5.0.8-dev, phpMyAdmin/3.5.7, phpMyAdmin/3.4.10.1deb1, phpMyAdmin/3.4.7, phpMyAdmin/3.3.7deb7, WampServer 3.2.0, Acore Framework 2.0
Summary

Intelligent digital signage made easy. To go beyond the possibilities offered, b-swiss allows you to create the communication solution for your specific needs and your graphic charter. You benefit from our experience and know-how in the realization of your digital signage project.

Description

The application is vulnerable to unauthenticated database download and information disclosure vulnerability. This can enable the attacker to disclose sensitive information resulting in authentication bypass, session hijacking and full system control.

Proof of Concept
bswiss_db.txtTXT
Disclosure Timeline
13.06.2020Vulnerability discovered.
15.07.2020Vendor contacted. (webform)
17.07.2020No response from the vendor.
18.07.2020Vendor contacted. (email)
21.07.2020Vendor responds asking more details.
21.07.2020Sent overview to the vendor asking for secure channel.
23.07.2020No response from the vendor.
24.07.2020Asked vendor for comment/update/status.
27.07.2020Vendor asks more details.
27.07.2020Sent details to the vendor.
29.07.2020Asked vendor for status update.
30.07.2020Vendor responds with questions.
30.07.2020Replied to the vendor.
31.07.2020Vendor looking into roadmap for the problems identified.
03.08.2020Replied to the vendor.
05.08.2020Vendor responds, if the reported vulnerabilities are applicable they will create patch for customers.
06.08.2020Asked vendor for patch milestone.
06.08.2020Vendor doesn't know.
18.08.2020Asked vendor for status update.
18.09.2020No reponse from the vendor.
18.09.2020Asked vendor for status update.
18.09.2020Vendor refuses to provide any further information.
18.09.2020Replied to the vendor, advisory release scheduled 19.09.2020.
18.09.2020Vendor working on fix, will inform us when issues have been solved.
18.09.2020Replied to the vendor.
19.09.2020Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/159230
[2]https://www.exploit-db.com/exploits/48834
[3]https://cxsecurity.com/issue/WLB-2020090121
[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/188578
[5]https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-22006
[6]https://nvd.nist.gov/vuln/detail/CVE-2020-22006
Changelog
19.09.2020Initial release
30.09.2020Added reference [1], [2], [3] and [4]
19.06.2021Added reference [5] and [6]