Executive Summary

This vulnerability in UBICOD Medivision Digital Signage 1.5.1 is an authorization bypass that allows normal users to escalate their privileges to super admin by manipulating the 'ft[grp]' parameter. Specifically, an attacker can send a GET request to /html/user with 'ft[grp]' set to the integer value '3' to gain super admin rights without needing to authenticate.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker with normal user access to gain super admin privileges without authentication. This could lead to unauthorized control over the system, potentially allowing the attacker to modify settings, access sensitive data, or disrupt services.

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by monitoring for GET requests to the /html/user endpoint with the parameter 'ft[grp]' set to the integer value '3'. For example, using network traffic analysis tools like tcpdump or Wireshark, you can filter HTTP GET requests containing 'ft[grp]=3'. A sample command using tcpdump might be: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'GET /html/user' | grep 'ft[grp]=3'. Alternatively, web server logs can be searched for such requests.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the /html/user endpoint to trusted users only, implementing proper authorization checks on the server side to prevent privilege escalation via the 'ft[grp]' parameter, and monitoring for suspicious requests attempting to set 'ft[grp]' to '3'. Applying any available patches or updates from the vendor is also recommended once available.

Useful 0 Not Useful 0