CVE-2020-36918

Summary

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lack of CSRF protections.

Affected Software

VendorProductVersion RangeStatus
YerootechiDS6 DSSPro Digital Signage System6.2 B2014.12.12.1220affected
YerootechiDS6 DSSPro Digital Signage System5.6 B2017.07.12.1757affected
YerootechiDS6 DSSPro Digital Signage System4.3affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References