7.5

CVE-2020-36922

Exploit

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SonyBravia Signage Version <= 1.7.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.55% 0.415
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
disclosure@vulncheck.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
disclosure@vulncheck.com 6.9 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

https://www.exploit-db.com/exploits/49187
Third Party Advisory
Exploit
VDB Entry
https://pro-bravia.sony.net
Product
https://pro-bravia.sony.net/resources/software/bravia-signage/
Product
https://pro.sony/ue_US/products/display-software
Product
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php
Third Party Advisory
Exploit
https://packetstorm.news/files/id/160343
Third Party Advisory
https://cxsecurity.com/issue/WLB-2020120028
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/192606
Third Party Advisory
https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-system-api-information-disclosure
Third Party Advisory