Eibiz i-Media Server Digital Signage Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in Eibiz i-Media Server Digital Signage version 3.8.0. It allows unauthenticated attackers to modify user roles through the updateUser object, effectively elevating privileges and taking over user accounts. The /messagebroker/amf endpoint accepts these role changes without authentication.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation and account takeover by modifying user roles.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the /messagebroker/amf endpoint. The request must include the updateUser object as part of the ActionScript object graph. The payload is serialized in a specific format and includes the target username, password, display name, and the desired role (such as 'Administrator'). Once the request is sent, the user account is updated with the new role, effectively escalating privileges or taking over the account.
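
For defenders, the request shape described above can be turned into a detection over decoded HTTP request records. The following is an added example, not code from the vendor or from this advisory; the record fields, the ADMIN_SOURCES allowlist and all sample values are assumptions constructed for illustration.

```python
import re

AMF_PATH = "/messagebroker/amf"        # endpoint named in the advisory
OPERATION = "updateUser"               # object named in the advisory
PRIVILEGED_ROLES = ("Administrator",)  # role named in the advisory; extend per deployment
ADMIN_SOURCES = {"10.0.5.10"}          # assumption: hosts allowed to manage users
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")

def printable_strings(body: bytes) -> list[str]:
    """AMF stores strings as length-prefixed UTF-8, so ASCII names survive as byte runs."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(body)]

def classify(req: dict):
    """Return None for unrelated traffic, else a finding dict with a severity."""
    path = req["path"].split("?", 1)[0].rstrip("/")
    if req["method"] != "POST" or path != AMF_PATH:
        return None
    strings = printable_strings(req["body"])
    if not any(OPERATION in s for s in strings):
        return None
    roles = [r for r in PRIVILEGED_ROLES if any(r in s for s in strings)]
    trusted = req["src"] in ADMIN_SOURCES
    if roles and not trusted:
        severity = "high"      # role change to a privileged role from an unexpected host
    elif not trusted:
        severity = "medium"    # user update from an unexpected host
    else:
        severity = "info"      # user update from a management host
    return {"src": req["src"], "severity": severity, "roles": roles, "strings": strings}

def lp(s: str) -> bytes:
    """Constructed helper: 2-byte length prefix + UTF-8, only to build sample bodies."""
    data = s.encode()
    return len(data).to_bytes(2, "big") + data

# Constructed sample records (not valid AMF messages, not captured traffic).
SAMPLES = [
    {"src": "203.0.113.7", "method": "POST", "path": "/messagebroker/amf",
     "body": b"\x00\x03" + lp("updateUser") + lp("kiosk1") + lp("Administrator")},
    {"src": "203.0.113.7", "method": "POST", "path": "/messagebroker/amf",
     "body": b"\x00\x03" + lp("getPlaylist") + lp("lobby")},
    {"src": "10.0.5.10", "method": "POST", "path": "/messagebroker/amf/",
     "body": b"\x00\x03" + lp("updateUser") + lp("kiosk1") + lp("Viewer")},
    {"src": "198.51.100.9", "method": "GET", "path": "/index.html", "body": b""},
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r["src"], classify(r))
```

The check needs decrypted, uncompressed request bodies (for example from a reverse proxy or WAF body log). The extracted strings are returned with each finding so an analyst can see which account the request targeted.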

Added: Dec 10, 2025, 9:49 PM
Updated: Dec 10, 2025, 9:49 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.