PT-2019-9672 · Tightrope · Tightrope Media Carousel

Author: Agreenbhm

Published: 2019-10-29 · Updated: 2019-11-05

CVE-2018-18930

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Tightrope Media Carousel digital signage product, version 7.0.4.104

Description: The issue allows an authenticated attacker to upload a crafted ZIP file containing a malicious file through the Manage Bulletins/Upload feature, which can lead to remote code execution. The system checks only for the presence of the needed files within the ZIP and then extracts all contained files to a new directory named with a random GUID. The attacker can determine this GUID by previewing an image from the uploaded bulletin within the web UI, and can then navigate to the malicious file to execute it. In testing, an ASPX web shell was uploaded, allowing remote code execution in the context of a restricted IIS user.

Recommendations: For version 7.0.4.104, consider disabling the Manage Bulletins/Upload feature until a patch is available. Restrict access to the uploaded files and directories to minimize the risk of remote code execution. Avoid using the feature to upload ZIP files from untrusted sources. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
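The root cause above is that the upload handler verifies that the expected files are present and then extracts everything in the archive. The following is an added example (written for this page, not Tightrope's code) of the pre-extraction check such a handler needs: it reads only the ZIP central directory and rejects any entry that is not an allowlisted bulletin asset, that could land outside the per-upload directory, or that declares an oversized payload. The extension allowlist and the size limit are assumptions.

```python
import io
import posixpath
import zipfile

# Assumptions: a bulletin package holds only media plus a manifest, and no single
# entry should exceed this declared size (limits are illustrative, not Carousel's).
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".xml", ".txt"}
MAX_ENTRY_BYTES = 50 * 1024 * 1024


def validate_bulletin_zip(data: bytes) -> list[str]:
    """Return rejection reasons for an uploaded archive; an empty list means accept."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    problems = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Normalise separators, then reject anything that could land outside
            # the per-upload extraction directory: absolute paths, drive letters,
            # or a '..' component that survives normalisation.
            norm = posixpath.normpath(name.replace("\\", "/"))
            if norm.startswith("/") or ":" in norm or norm == ".." or norm.startswith("../"):
                problems.append(f"{name}: path escapes the extraction directory")
                continue
            ext = posixpath.splitext(norm)[1].lower()
            if ext not in ALLOWED_EXTENSIONS:
                problems.append(f"{name}: extension {ext or '(none)'} is not allowed")
            if info.file_size > MAX_ENTRY_BYTES:
                problems.append(f"{name}: declared size {info.file_size} exceeds limit")
    return problems


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory archive so the check can be exercised offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

Because the decision is made from the central directory alone, nothing is written under the web root until the archive has passed; an archive carrying a server-side script such as an `.aspx` file is refused before any GUID directory exists.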

Exploit: Unrestricted File Upload


Weakness Enumeration

Related Identifiers: CVE-2018-18930

Affected Products: Tightrope Media Carousel