Sencore SMP100 Session Hijacking Vulnerability

Vulnerability

A session hijacking vulnerability has been identified in the Sencore SMP100 SMP Media Platform, specifically in firmware versions V4.2.160, V60.1.4, and V60.1.29. The vulnerability arises from improper session management on the '/UserManagement.html' endpoint, which allows an attacker on the same network as the victim to exploit the victim's active session. Exploitation gives unauthorized access to the user management interface, where the attacker can add new users without authentication, potentially leading to malicious activities on the system.

Impact

Exploitation of this vulnerability allows for session hijacking, unauthorized access to the user management interface, and the ability to add new users without authentication. This could lead to unauthorized system access and the possibility of performing malicious activities on the platform.

Reproduction

To reproduce this vulnerability, an attacker must be on the same network as a victim with an active session on the Sencore SMP100 platform. Once these conditions are met, the attacker can access the '/UserManagement.html' endpoint and add new users without any authentication.

Remediation

Administrators are advised to implement secure session handling by validating session tokens for sensitive operations, enforce access control checks to ensure proper authorization for user management tasks, and monitor session activity for abnormal behaviors. Until a patch is available, access to the '/UserManagement.html' endpoint can be restricted via IP whitelisting or VPNs.
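One way to do the session-activity monitoring recommended above, as an added example that is not part of the advisory or vendor code: it reviews access-log lines for requests to '/UserManagement.html' that come from outside an admin allowlist, or from a second client while another client's session is likely still active. The Common Log Format source (a reverse proxy or network sensor in front of the device), the management subnet, the 30-minute window, and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumptions (not from the advisory): logs are Common Log Format from a
# proxy or sensor in front of the SMP100; the subnet and window below are
# constructed placeholders to adapt to the local management network.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]
SENSITIVE_PATH = "/UserManagement.html"
WINDOW = timedelta(minutes=30)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def review(lines):
    """Return (timestamp, ip, reason) findings for requests to the sensitive path."""
    findings = []
    recent = []  # (time, ip) of earlier requests to the path, pruned to WINDOW
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if m["path"].split("?", 1)[0].lower() != SENSITIVE_PATH.lower():
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip = ipaddress.ip_address(m["ip"])
        if not any(ip in net for net in ADMIN_NETS):
            findings.append((ts, str(ip), "source outside admin allowlist"))
        recent = [(t, i) for t, i in recent if ts - t <= WINDOW]
        if any(i != ip for _, i in recent):
            findings.append((ts, str(ip), "second client within active-session window"))
        recent.append((ts, ip))
    return findings

# Constructed sample log lines (not real traffic)
SAMPLE = [
    '10.20.0.5 - - [18/Nov/2025:20:01:10 +0000] "GET /UserManagement.html HTTP/1.1" 200 5120',
    '10.20.0.5 - - [18/Nov/2025:20:02:00 +0000] "GET /index.html HTTP/1.1" 200 900',
    '10.20.0.77 - - [18/Nov/2025:20:05:42 +0000] "GET /UserManagement.html HTTP/1.1" 200 5120',
    '10.20.0.9 - - [18/Nov/2025:21:30:00 +0000] "GET /UserManagement.html HTTP/1.1" 200 5120',
]
```

Findings from this review are leads to correlate with the device's user list, since the advisory describes new accounts being added through this endpoint.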

Added: Nov 18, 2025, 8:18 PM
Updated: Nov 18, 2025, 8:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.6
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.