← volver
CVE-2016-20034

Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

CVSS 8.7 HIGHEPSS 0.2%CWE-352
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative access.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Wowza Media Systems, LLC. · Wowza Streaming Engine

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.exploit-db.com/exploits/40133https://www.vulncheck.com/advisories/wowza-streaming-engine-privilege-escalation-via-user-edithttp://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5340.php