CVE-2020-36917

Summary

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications.

Affected Software

VendorProductVersion RangeStatus
Guangzhou Yeroo Tech Co., Ltd.iDS6 DSSPro Digital Signage SystemV6.2 B2014.12.12.1220affected
Guangzhou Yeroo Tech Co., Ltd.iDS6 DSSPro Digital Signage SystemV5.6 B2017.07.12.1757affected
Guangzhou Yeroo Tech Co., Ltd.iDS6 DSSPro Digital Signage SystemV4.3affected

Weaknesses

  • CWE-319: Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References