Can you explain this vulnerability to me?

This vulnerability in UBICOD Medivision Digital Signage 1.5.1 is an authorization bypass that allows normal users to escalate their privileges to super admin by manipulating the 'ft[grp]' parameter. Specifically, an attacker can send a GET request to /html/user with 'ft[grp]' set to the integer value '3' to gain super admin rights without needing to authenticate.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can allow an attacker with normal user access to gain super admin privileges without authentication. This could lead to unauthorized control over the system, potentially allowing the attacker to modify settings, access sensitive data, or disrupt services.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by monitoring for GET requests to the /html/user endpoint with the parameter 'ft[grp]' set to the integer value '3'. For example, using network traffic analysis tools like tcpdump or Wireshark, you can filter HTTP GET requests containing 'ft[grp]=3'. A sample command using tcpdump might be: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'GET /html/user' | grep 'ft[grp]=3'. Alternatively, web server logs can be searched for such requests.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the /html/user endpoint to trusted users only, implementing proper authorization checks on the server side to prevent privilege escalation via the 'ft[grp]' parameter, and monitoring for suspicious requests attempting to set 'ft[grp]' to '3'. Applying any available patches or updates from the vendor is also recommended once available.

Useful 0 Not Useful 0