Cyber Posture

CVE-2020-36892

CriticalPublic PoC

Published: 10 December 2025

Published
10 December 2025
Modified
17 December 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0041 61.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role…

more

settings without authentication.

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match
prevent

Explicitly defines and restricts actions permitted without identification or authentication, directly preventing unauthenticated access to the updateUser endpoint for role modifications.

AC-3 Access Enforcement good match
prevent

Enforces approved access authorizations, blocking unauthorized privilege escalations via the /messagebroker/amf endpoint.

AC-2 Account Management good match
prevent

Manages user accounts and associated privileges securely, ensuring roles cannot be modified without proper authorization.

Security SummaryAI

CVE-2020-36892 is an unauthenticated privilege escalation vulnerability affecting Eibiz i-Media Server Digital Signage version 3.8.0. The flaw resides in the updateUser object, which permits attackers to modify user roles without authentication by targeting the /messagebroker/amf endpoint. This issue aligns with CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and lack of prerequisites.

Remote attackers require no privileges or user interaction to exploit the vulnerability. By sending crafted requests to the vulnerable endpoint, they can manipulate role settings, elevate their privileges, and take over user accounts, potentially gaining full control over the digital signage server.

Advisories detailing the vulnerability, including proof-of-concept exploits, are available from sources such as Exploit-DB (exploit 48774), VulnCheck, and Zero Science Lab (ZSL-2020-5584). The vendor site at eibiz.co.th provides additional context, though specific patch details are not outlined in the provided references. Security practitioners should verify updates directly from the vendor and restrict access to the /messagebroker/amf endpoint.

A public proof-of-concept exploit has been published on Exploit-DB, highlighting active interest from the research community despite the CVE's 2020 designation and its listing published on 2025-12-10.

Details

CWE(s)
CWE-306

Affected Products

eibiz
i-media server digital signage
3.8.0

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Unauthenticated remote privilege escalation via public-facing /messagebroker/amf endpoint enables exploitation of public-facing application (T1190) for privilege escalation (T1068) by modifying user roles.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References