BrightSign Digital Signage Diagnostic Web Server Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in the BrightSign Digital Signage Diagnostic Web Server, specifically in versions through 8.2.26. This vulnerability allows unauthenticated attackers to manipulate the 'url' GET parameter in the Download Speed Test service. By doing so, they can direct the application to make arbitrary HTTP requests to internal network hosts, potentially bypassing firewalls and facilitating network enumeration.
Impact
Exploitation of this vulnerability could lead to unauthorized internal network access and enumeration, allowing attackers to gather information about internal hosts and services.
Reproduction
The vulnerability can be reproduced by sending a GET request to the '/speedtest' endpoint with a crafted 'url' parameter. This parameter should point to an internal network resource, such as a service running on localhost or another internal IP address.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.