CVE-2023-53968

Screen · Screen SFT DAB Multiple Products

A critical session management vulnerability exists in multiple Screen SFT DAB products.

Executive summary

A critical session management vulnerability exists in multiple Screen SFT DAB products. This flaw allows an unauthenticated remote attacker to bypass security controls and delete user accounts, potentially leading to a complete denial of service for all legitimate users by locking them out of the system.

Vulnerability

The vulnerability is an authentication bypass rooted in improper session management. The system incorrectly binds user sessions solely to an IP address without requiring other authentication tokens. An attacker who can use or spoof the IP address of a legitimately authenticated user can send unauthorized requests directly to the userManager API. This allows the attacker to perform administrative actions, such as deleting user accounts, without providing a valid session cookie or credentials.
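The following is an added illustration, not code from Screen or from the affected products: a minimal session model that contrasts the IP-only binding described above with a check that also requires a valid, unexpired session cookie. The `SessionStore`, `Request` and `delete_account` names, the 15-minute lifetime and the sample addresses are all assumptions; only the `userManager` name comes from the advisory.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class Request:
    client_ip: str
    cookie_session_id: Optional[str]  # None when no session cookie is sent


class SessionStore:
    """Hypothetical in-memory session store: session_id -> (user, ip, expiry)."""

    def __init__(self, ttl_seconds: float = 900.0):
        self.ttl = ttl_seconds
        self.by_id = {}

    def login(self, user: str, client_ip: str, now: float) -> str:
        sid = secrets.token_urlsafe(32)  # unguessable session identifier
        self.by_id[sid] = (user, client_ip, now + self.ttl)
        return sid

    def authorize_vulnerable(self, req: Request) -> Optional[str]:
        # Mirrors the flaw: the session is selected by client IP alone,
        # so the cookie is never consulted and any host presenting that
        # address inherits the authenticated user.
        for user, ip, _exp in self.by_id.values():
            if ip == req.client_ip:
                return user
        return None

    def authorize_fixed(self, req: Request, now: float) -> Optional[str]:
        # Hardened: the cookie must name a stored session that is unexpired
        # and was issued to this client IP; the IP alone proves nothing.
        entry = self.by_id.get(req.cookie_session_id or "")
        if entry is None:
            return None
        user, ip, exp = entry
        return user if now < exp and ip == req.client_ip else None


def delete_account(store, req, target, now, hardened=True):
    """Hypothetical userManager delete action; returns True only when the
    caller is authorized as 'admin' under the selected check."""
    user = store.authorize_fixed(req, now) if hardened else store.authorize_vulnerable(req)
    if user != "admin":
        return False
    return True  # a real handler would remove `target` here


def demo():
    store = SessionStore()
    sid = store.login("admin", "10.0.0.5", now=1000.0)  # constructed sample
    # Same source address as the admin, but no session cookie at all.
    no_cookie = Request(client_ip="10.0.0.5", cookie_session_id=None)
    with_cookie = Request(client_ip="10.0.0.5", cookie_session_id=sid)
    return {
        "vulnerable_no_cookie": delete_account(store, no_cookie, "bob", 1001.0, hardened=False),
        "fixed_no_cookie": delete_account(store, no_cookie, "bob", 1001.0),
        "fixed_with_cookie": delete_account(store, with_cookie, "bob", 1001.0),
        "fixed_expired": delete_account(store, with_cookie, "bob", 2000.0),
    }
```

`demo()` shows the IP-only check approving a cookieless delete from the admin's address, while the hardened check refuses it and also rejects an expired cookie.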

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a severe impact on business operations. An attacker can remove all user accounts, including administrative ones, effectively rendering the device unmanageable and causing a denial of service. This disrupts services relying on the affected equipment and could require manual intervention or a factory reset to restore access, leading to significant downtime and operational costs. The integrity of the system's user management is completely compromised.

Remediation

Immediate Action: Apply the vendor-supplied security update to patch the vulnerability. Update all affected Screen SFT DAB products to the latest firmware version recommended by the vendor.

Proactive Monitoring: System administrators should actively monitor for signs of exploitation. Review web server and application logs for any unusual or unauthorized requests to the userManager API, particularly for account deletion actions. Correlate these events with known administrative activity; any discrepancies should be investigated as a potential compromise.

Compensating Controls: If immediate patching is not feasible, implement network-level access controls as a temporary mitigation. Use a firewall or Access Control Lists (ACLs) to restrict access to the device's management interface, allowing connections only from a dedicated and trusted management network or a whitelist of specific IP addresses. Because the flaw itself is the reliance on source IP as the session identifier, such controls reduce who can reach the interface but do not remove the risk from hosts that share or spoof a trusted address; they are a stopgap, not a fix.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical CVSS score of 9.8 and the potential for a complete denial of service, we strongly recommend that organizations prioritize the immediate patching of this vulnerability. The risk of operational disruption is significant. If patching must be delayed, the compensating controls outlined above should be implemented without delay to reduce the attack surface. Continue to monitor for any new threat intelligence related to this CVE.