PT-2017-14978 · Brightsign · Brightsign Digital Signage

Singularitysec

·

Published

2017-12-18

·

Updated

2019-10-03

·

CVE-2017-17738

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions BrightSign Digital Signage (4k242) versions 6.2.63 and below
Description The issue allows renaming and modifying files via the "/tools.html" API endpoint.
Recommendations For versions 6.2.63 and below, consider restricting access to the "/tools.html" endpoint until a fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2017-17738

Affected Products

Brightsign Digital Signage