Details of VAR-201712-0914

ID

VAR-201712-0914

CVE

CVE-2017-17738

TITLE

BrightSign Digital Signage Vulnerability related to authorization, authority, and access control in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-011555

DESCRIPTION

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. An attacker could exploit this vulnerability by using the /tools.html web page to rename and modify files. The pages: /network_diagnostics.html /storage_info.html Suffer from a Cross-Site Scripting vulnerability. The REF parameter for these pages do not sanitize user input, resulting in arbitrary execution, token theft and related attacks. The RP parameter in STORAGE.HTML suffers from a directory traversal/information leakage weakness: /storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc Through parameter manipulation, the file system can be traversed, unauthenticated, allowing for leakage of information and compromise of the device. This page also allows for unauthenticated upload of files. /tools.html Page allows for unauthenticated rename/manipulation of files. When combined, these vulnerabilities allow for compromise of both end users and the device itself. Ex. A malicious attacker can upload a malicious page of their choosing and steal credentials, host malicious content or distribute content through the device, which accepts large format SD cards

Trust: 1.8

sources: NVD: CVE-2017-17738 // JVNDB: JVNDB-2017-011555 // VULHUB: VHN-108790 // PACKETSTORM: 145489

AFFECTED PRODUCTS

vendor:	brightsign	model:	4k242	scope:	lte	version:	6.2.63	Trust: 1.8
vendor:	brightsign	model:	4k242	scope:	eq	version:	6.2.63	Trust: 0.6

sources: JVNDB: JVNDB-2017-011555 // CNNVD: CNNVD-201712-660 // NVD: CVE-2017-17738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17738
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-17738
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201712-660
value:	HIGH
Trust: 0.6
VULHUB:	VHN-108790
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17738
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-108790
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17738
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-108790 // JVNDB: JVNDB-2017-011555 // CNNVD: CNNVD-201712-660 // NVD: CVE-2017-17738

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-108790 // JVNDB: JVNDB-2017-011555 // NVD: CVE-2017-17738

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-660

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201712-660

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011555

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-108790

PATCH

title:

4K Product Line

url:

https://www.brightsign.biz/digital-signage-products/legacy-products/4k-product-line

Trust: 0.8

sources: JVNDB: JVNDB-2017-011555

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17738	Trust: 2.6
db:	EXPLOIT-DB	id:	43364	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-011555	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-660	Trust: 0.7
db:	VULHUB	id:	VHN-108790	Trust: 0.1
db:	PACKETSTORM	id:	145489	Trust: 0.1

sources: VULHUB: VHN-108790 // JVNDB: JVNDB-2017-011555 // PACKETSTORM: 145489 // CNNVD: CNNVD-201712-660 // NVD: CVE-2017-17738

REFERENCES

url:	http://www.information-paradox.net/2017/12/brightsign-multiple-vulnerablities-cve.html	Trust: 2.5
url:	https://www.exploit-db.com/exploits/43364/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17738	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17738	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17739	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17737	Trust: 0.1

sources: VULHUB: VHN-108790 // JVNDB: JVNDB-2017-011555 // PACKETSTORM: 145489 // CNNVD: CNNVD-201712-660 // NVD: CVE-2017-17738

CREDITS

singularitysec

Trust: 0.1

sources: PACKETSTORM: 145489

SOURCES

db:	VULHUB	id:	VHN-108790
db:	JVNDB	id:	JVNDB-2017-011555
db:	PACKETSTORM	id:	145489
db:	CNNVD	id:	CNNVD-201712-660
db:	NVD	id:	CVE-2017-17738

LAST UPDATE DATE

2025-04-20T23:29:30.383000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-108790	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-011555	date:	2018-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201712-660	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-17738	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-108790	date:	2017-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-011555	date:	2018-01-18T00:00:00
db:	PACKETSTORM	id:	145489	date:	2017-12-19T14:26:57
db:	CNNVD	id:	CNNVD-201712-660	date:	2017-12-19T00:00:00
db:	NVD	id:	CVE-2017-17738	date:	2017-12-18T06:29:00.317