Vulnerabilities > CVE-2019-13020 - Server-Side Request Forgery (SSRF) vulnerability in Trms Tightrope Media Carousel

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

trms

CWE-918

critical

NVD

Published: 2019-08-26

Updated: 2019-09-06

Summary

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet.

Vulnerable Configurations

Part	Description	Count
Application	Trms Trms Tightrope Media Carousel - Trms Tightrope Media Carousel 7.0.0 Trms Tightrope Media Carousel 7.0.1 Trms Tightrope Media Carousel 7.0.2 Trms Tightrope Media Carousel 7.0.3 Trms Tightrope Media Carousel 7.0.4 Trms Tightrope Media Carousel 7.0.5 Trms Tightrope Media Carousel 7.0.6 Trms Tightrope Media Carousel 7.0.7 Trms Tightrope Media Carousel 7.0.8 Trms Tightrope Media Carousel 7.0.9 Trms Tightrope Media Carousel 7.0.10 Trms Tightrope Media Carousel 7.1.0 Trms Tightrope Media Carousel 7.1.1	14

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.carouselsignage.com/release-notes/carousel-7-1-3