SpinetiX-SA-21:02
From SpinetiX Support Wiki
This page relates to security advisories.
Improper authorization checks on RPC calls
| Affected Products | HMP350, HMP300, DiVA, HMP400, HMP400W, third-party players |
|---|---|
| Severity | High |
| Fixed Release Availability | Upgrade to firmware 4.7.1 or later. |
CVE-2021-32034
- CVSS Base Score: 7.6 (High)
- CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
Insufficient validation of user rights allows execution of RPC calls with administrator privileges by any valid user logged into the player web interface (i.e., a user authenticated via the sign-in form). It affects HMP350, HMP300, DiVA, HMP400, HMP400W and third-party devices running DSOS versions lower than 4.7.1-1.0.1.
This vulnerability is mitigated by the fact that it only exists when users with restricted rights are created within the user manager tool, which is not the case in many deployments.
CVE-2021-32035
- CVSS Base Score: 7.6 (High)
- CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
Insufficient validation of user rights allows execution of RPC calls with administrator privileges by any valid user authenticated via HTTP authentication or TLS-SRP. It affects HMP400, HMP400W and third-party devices running DSOS versions lower than 4.7.1-1.0.1. It does not affect HMP350, HMP300 or DiVA devices on any DSOS version.
This vulnerability is mitigated by the fact that it only exists when users with restricted rights are created within the user manager tool, which is not the case in many deployments.
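As an added illustration (not code from SpinetiX or the DSOS firmware), here is a minimal RPC dispatcher showing the flawed pattern the two CVEs above describe next to its hardened form: the fix checks the caller's role against a per-method ACL on the resolved principal, so a restricted user is refused whether they authenticated through the sign-in form, HTTP authentication or TLS-SRP. Method names, role names and principals are hypothetical.

```python
"""Added example (not SpinetiX code): an RPC dispatcher that separates
authentication from authorization. The flawed variant lets any authenticated
caller run any method; the fixed variant checks the caller's role against a
per-method ACL, whatever authentication path produced the principal.
Method names, role names and principals below are hypothetical."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    name: str
    role: str       # hypothetical roles: "restricted" or "admin"
    auth_path: str  # how the caller authenticated: "session", "http-auth", "tls-srp"


# Hypothetical RPC methods mapped to the minimum role required to call them.
RPC_ACL = {
    "player.getStatus": "restricted",
    "player.reboot": "admin",
    "user.create": "admin",
}
ROLE_RANK = {"restricted": 0, "admin": 1}


class RpcError(Exception):
    pass


def _precheck(principal, method):
    # Both variants agree on these checks: the caller must be authenticated
    # and the method must exist. Neither check is about authorization.
    if principal is None:
        raise RpcError("401: not authenticated")
    if method not in RPC_ACL:
        raise RpcError("404: unknown method " + method)


def dispatch_vulnerable(principal, method):
    """Models the flaw: being authenticated is treated as being authorized."""
    _precheck(principal, method)
    return f"{method} run as {principal.name} via {principal.auth_path}"


def dispatch_fixed(principal, method):
    """Hardened: enforce the ACL on the principal itself, independent of the
    authentication path, so restricted users cannot reach admin-only methods."""
    _precheck(principal, method)
    if ROLE_RANK[principal.role] < ROLE_RANK[RPC_ACL[method]]:
        raise RpcError(f"403: {principal.name} ({principal.role}) may not call {method}")
    return f"{method} run as {principal.name} via {principal.auth_path}"
```

The authorization decision lives in the dispatcher rather than in each RPC handler, so adding a new authentication front end cannot reintroduce the bypass.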
Revisions
- July 2, 2021: Initial public release