CVE-2020-36894 — HIGH (7.5)

Vulnerability Description

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative users without authentication, bypassing security controls.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Eibiz	I-Media Server Digital Signage	3.8.0

Related Weaknesses (CWE)

CWE-306

References

http://www.eibiz.co.thBroken Link
https://www.exploit-db.com/exploits/48763ExploitThird Party AdvisoryVDB Entry
https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5586.phpExploitThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5586.phpExploitThird Party Advisory

FAQ

What is CVE-2020-36894?

CVE-2020-36894 is a vulnerability with a CVSS score of 7.5 (HIGH). Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attacker...

How severe is CVE-2020-36894?

CVE-2020-36894 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-36894?

Check the references section above for vendor advisories and patch information. Affected products include: Eibiz I-Media Server Digital Signage.