Vulnerability Description
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sony | Bravia Signage | <= 1.7.8 |
Related Weaknesses (CWE)
References
- https://cxsecurity.com/issue/WLB-2020120030Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/192605Third Party Advisory
- https://packetstorm.news/files/id/160345ExploitThird Party Advisory
- https://pro-bravia.sony.netProduct
- https://pro-bravia.sony.net/resources/software/bravia-signage/Product
- https://pro.sony/ue_US/products/display-softwareProduct
- https://www.exploit-db.com/exploits/49186ExploitThird Party AdvisoryVDB Entry
- https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticatedThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5612.phpExploitThird Party Advisory
FAQ
What is CVE-2020-36924?
CVE-2020-36924 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can...
How severe is CVE-2020-36924?
CVE-2020-36924 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36924?
Check the references section above for vendor advisories and patch information. Affected products include: Sony Bravia Signage.