HackDig : Dig high-quality web security articles

Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover

2020-08-20 18:59
Title: Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover
Advisory ID: ZSL-2020-5584
Type: Local/Remote
Impact: Privilege Escalation, Security Bypass
Risk: (5/5)
Release Date: 21.08.2020
Summary
EIBIZ develop advertising platform for out of home media in thattime the world called "Digital Signage". Because most business customersstill need get outside to get in touch which products and services. Onlinemedia alone cannot serve them right place, right time.
Description
The application suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object (part of ActionScript object graphs), effectively elevating to an administrative role or taking over an existing account by modifying the settings.
Vendor
EIBIZ Co.,Ltd. - http://www.eibiz.co.th
Affected Version
<=3.8.0
Tested On
Windows Server 2016
Windows Server 2012 R2
Windows Server 2008 R2
Apache Flex
Apache Tomcat/6.0.14
Apache-Coyote/1.1
BlazeDS Application
Vendor Status
[26.07.2020] Vulnerability discovered.
[30.07.2020] Vendor contacted.
[20.08.2020] No response from the vendor.
[21.08.2020] Public security advisory released.
PoC
imediasignage_privesc.py
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
N/A
Changelog
[21.08.2020] - Initial release
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: php.4855-0202-LSZ/seitilibarenluv/ne/km.ecneicsorez.www

Read:1712 | Comments:0 | Tags:No Tag

“Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3