CVE-2020-36892

Severity: Critical · Public PoC

Published: 10 December 2025
Modified: 17 December 2025
KEV Added: (not listed)
Patch: (none referenced)
CVSS Score (v4.0): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0039 (60.6th percentile)
Risk Priority: 19 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-36892 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Eibiz i-Media Server Digital Signage 3.8.0. Its CVSS v4.0 base score is 9.3 (Critical); under CVSS v3.1 it scores 9.8.

Operationally, exploitation maps to the MITRE ATT&CK techniques Exploit Public-Facing Application (T1190) and Exploitation for Privilege Escalation (T1068). EPSS places it in the top 39.4% of CVEs by exploit likelihood (score 0.0039, 60.6th percentile); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-2 (Account Management).

Deeper analysis

CVE-2020-36892 is an unauthenticated privilege escalation vulnerability affecting Eibiz i-Media Server Digital Signage version 3.8.0. The flaw resides in the updateUser operation exposed through the /messagebroker/amf endpoint (the conventional path of an AMF remoting gateway such as BlazeDS, which carries remote method calls as binary Action Message Format payloads in HTTP POST bodies). The server executes updateUser without verifying that the caller has a session at all, so a request from anyone who can reach the endpoint can change the role of any account. This is CWE-306 (Missing Authentication for Critical Function); the CVSS v3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), critical because the endpoint is network-reachable and no prerequisites apply.

Remote attackers require no privileges or user interaction to exploit the vulnerability. By sending crafted requests to the vulnerable endpoint, they can manipulate role settings, elevate their privileges, and take over user accounts, potentially gaining full control over the digital signage server.

Advisories detailing the vulnerability, including proof-of-concept exploits, are available from Exploit-DB (exploit 48774), VulnCheck, and Zero Science Lab (ZSL-2020-5584). The vendor site at eibiz.co.th provides additional context, but none of the provided references describes a fix or a fixed version. Until the vendor confirms a patch, treat the product as unpatched: verify updates directly with the vendor and restrict access to the /messagebroker/amf endpoint at the network layer (firewall or reverse proxy) to management sources only, since the application itself will not challenge the caller.
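Because the application never authenticates updateUser calls, the only signal a defender has is who is talking to the AMF gateway. The following added detection script (written for this page, not part of the advisory or the vendor's product) parses web-server access logs in Apache/nginx "combined" format and flags POSTs to /messagebroker/amf from outside an assumed management allowlist; the log lines are constructed samples, and the management network 10.0.0.0/8 is a site-specific assumption.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

AMF_ENDPOINT = "/messagebroker/amf"

# Assumed management networks allowed to reach the AMF gateway.
# Site-specific assumption, not a value taken from the advisory.
MANAGEMENT_NETS = [ip_network("10.0.0.0/8")]

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
# One POST from the management LAN, two from the Internet, plus unrelated noise.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Dec/2025:09:14:02 +0000] "POST /messagebroker/amf HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.77 - - [11/Dec/2025:09:15:40 +0000] "POST /messagebroker/amf HTTP/1.1" 200 388 "-" "python-requests/2.31"
198.51.100.9 - - [11/Dec/2025:09:16:01 +0000] "GET /index.html HTTP/1.1" 200 1020 "-" "Mozilla/5.0"
203.0.113.77 - - [11/Dec/2025:09:16:05 +0000] "POST /messagebroker/amf?x=1 HTTP/1.1" 200 395 "-" "python-requests/2.31"
198.51.100.9 - - [11/Dec/2025:09:17:30 +0000] "GET /messagebroker/amf HTTP/1.1" 405 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


@dataclass(frozen=True)
class Finding:
    ip: str
    ts: str
    ua: str
    reason: str


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def from_management(ip: str, nets=MANAGEMENT_NETS) -> bool:
    """True when the source address falls inside one of the management networks."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in nets)


def find_amf_exposure(log_text: str, nets=MANAGEMENT_NETS):
    """Flag AMF remoting calls (POST /messagebroker/amf) from outside the management networks.

    GETs are ignored: an AMF remoting call carries its serialized payload in a POST
    body, so a GET to the endpoint is treated as noise. A query string is stripped
    from the path before matching so "/messagebroker/amf?x=1" is not missed.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] != "POST" or rec["path"].split("?", 1)[0] != AMF_ENDPOINT:
            continue
        if from_management(rec["ip"], nets):
            continue
        reason = "AMF call from outside management allowlist"
        if not rec["ua"].startswith("Mozilla/"):
            reason += "; non-browser user agent"
        findings.append(Finding(rec["ip"], rec["ts"], rec["ua"], reason))
    return findings


def sources_by_count(findings):
    """Count flagged calls per source address as a triage summary."""
    counts = {}
    for f in findings:
        counts[f.ip] = counts.get(f.ip, 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_amf_exposure(SAMPLE_LOG)
    for f in hits:
        print(f"{f.ts} {f.ip} {f.ua!r}: {f.reason}")
    print(sources_by_count(hits))
```

On the constructed sample the script reports the two Internet-sourced POSTs from 203.0.113.77 and nothing else. The user-agent tag is a secondary hint only: a real attacker can set any agent string, so the allowlist check is the control and the agent check is just triage colour.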

The Exploit-DB entry and the Zero Science Lab advisory (ZSL-2020-5584) predate the CVE record, which was only published on 2025-12-10 despite its 2020 identifier. Deployments of 3.8.0 have therefore been exposed to public exploit code for years, not days, and the late CVE assignment should not be read as a late discovery.

Vulnerability details

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication.

CWE(s)

CWE-306 Missing Authentication for Critical Function

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The /messagebroker/amf endpoint is reachable over the network without credentials, so a crafted request to it is exploitation of a public-facing application (T1190); the request's effect, rewriting a user's role, is privilege escalation by exploiting software vulnerabilities (T1068). Both techniques are satisfied by the same single request.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-25192 (shared CWE-306)
CVE-2026-27767 (shared CWE-306)
CVE-2026-25848 (shared CWE-306)
CVE-2025-59246 (shared CWE-306)
CVE-2026-26055 (shared CWE-306)
CVE-2025-62586 (shared CWE-306)
CVE-2026-29796 (shared CWE-306)
CVE-2026-26125 (shared CWE-306)
CVE-2026-27772 (shared CWE-306)
CVE-2026-2417 (shared CWE-306)

Affected Assets

eibiz
i-media server digital signage
3.8.0

Mitigating Controls (NIST 800-53 r5) [AI]

AC-14 Permitted Actions Without Identification or Authentication (prevent)

Explicitly defines and restricts the actions permitted without identification or authentication; a role change is never such an action, which directly prevents unauthenticated calls to the updateUser operation on the /messagebroker/amf endpoint.

AC-3 Access Enforcement (prevent)

Enforces approved access authorizations, so that even an authenticated caller can only change roles if its own role permits it, blocking privilege escalation via the /messagebroker/amf endpoint.

AC-2 Account Management (prevent)

Manages user accounts and their privileges securely, validating role assignments and recording who changed them, so roles cannot be modified without proper authorization and changes are auditable.
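To make the three controls concrete, here is an added illustration (written for this page; it is not the vendor's code and does not reproduce the product's data model) of a role-update handler in the vulnerable shape described for updateUser, next to the same operation with AC-14, AC-3 and AC-2 enforced before any state changes. The user table, session tokens and role names are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

VALID_ROLES = ("viewer", "editor", "admin")


class AuthError(Exception):
    """Raised when a caller is unauthenticated or not authorized for the action."""


@dataclass
class User:
    name: str
    role: str


@dataclass
class UserStore:
    """Constructed in-memory user table and session map (hypothetical, not the vendor's)."""
    users: Dict[str, User] = field(default_factory=dict)
    sessions: Dict[str, str] = field(default_factory=dict)  # session token -> username
    audit: List[str] = field(default_factory=list)


def make_store() -> UserStore:
    """Fresh store with one admin and one viewer, each holding a session token."""
    store = UserStore()
    store.users["alice"] = User("alice", "admin")
    store.users["bob"] = User("bob", "viewer")
    store.sessions["tok-alice"] = "alice"
    store.sessions["tok-bob"] = "bob"
    return store


def update_user_vulnerable(store: UserStore, target: str, new_role: str) -> str:
    """Models the CWE-306 shape: the handler trusts the request and never asks who is calling.

    Anyone who can reach the endpoint can promote any account, which is the
    behaviour the advisory describes for updateUser in CVE-2020-36892.
    """
    store.users[target].role = new_role
    return store.users[target].role


def update_user_hardened(store: UserStore, session_token: Optional[str],
                         target: str, new_role: str) -> str:
    """Same operation with the three controls enforced before any state changes."""
    # AC-14: a role change is not a permitted action without identification/authentication.
    caller_name = store.sessions.get(session_token) if session_token else None
    if caller_name is None:
        raise AuthError("authentication required")
    caller = store.users[caller_name]

    # AC-3: enforce approved authorizations; only an admin may change roles.
    if caller.role != "admin":
        raise AuthError(f"{caller.name} ({caller.role}) may not modify roles")

    # AC-2: account management; validate target and role, never orphan the system of admins.
    if target not in store.users:
        raise KeyError(f"unknown user {target}")
    if new_role not in VALID_ROLES:
        raise ValueError(f"invalid role {new_role}")
    admins = [u for u in store.users.values() if u.role == "admin"]
    if store.users[target].role == "admin" and new_role != "admin" and len(admins) == 1:
        raise AuthError("refusing to demote the last administrator")

    old_role = store.users[target].role
    store.users[target].role = new_role
    store.audit.append(f"{caller.name} changed {target}: {old_role} -> {new_role}")
    return new_role


def outcome(store: UserStore, session_token: Optional[str], target: str, new_role: str) -> str:
    """Wrapper for scripts and tests: 'ok:<role>' on success, 'denied:<reason>' otherwise."""
    try:
        return "ok:" + update_user_hardened(store, session_token, target, new_role)
    except (AuthError, KeyError, ValueError) as e:
        return "denied:" + str(e)


if __name__ == "__main__":
    s = make_store()
    print("vulnerable, no session:", update_user_vulnerable(s, "bob", "admin"))
    s = make_store()
    print("hardened, no session:  ", outcome(s, None, "bob", "admin"))
    print("hardened, viewer token:", outcome(s, "tok-bob", "bob", "admin"))
    print("hardened, admin token: ", outcome(s, "tok-alice", "bob", "editor"))
    print("audit:", s.audit)
```

The ordering matters: authentication (AC-14) is checked before authorization (AC-3), and both before any validation or write, so an unauthenticated request learns nothing about which usernames or roles exist. The last-administrator guard and the audit line are the AC-2 part; they do not stop the original attack but keep a compromised admin session from silently locking everyone else out.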
