PT-2020-10164 · Wowza · Wowza Streaming Engine
Published: 2020-08-03 · Updated: 2022-04-28 · CVE-2019-19455
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Wowza Streaming Engine versions prior to 4.8.5
Description
The issue concerns insecure permissions in the Linux version of the server, which could allow a local attacker to escalate privileges by writing arbitrary commands to any file and executing them as root. It was resolved in version 4.8.5.
Recommendations
For versions prior to 4.8.5, update to version 4.8.5 to resolve the issue. As a temporary workaround, consider restricting access to the /usr/local/WowzaStreamingEngine/manager/bin/ directory to prevent arbitrary command execution.
Fix
Incorrect Permission
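A defender-side check for the workaround in the recommendations, as an added example that is not part of the advisory or of Wowza's tooling: it lists entries under the manager/bin directory that are writable by group or other. Treating those mode bits as the insecure condition is an assumption, since the advisory does not state the exact permissions involved; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a directory for entries that accounts other than the
# owner can modify. Assumption: "insecure" means the group-write or
# other-write bit is set; the advisory does not spell out the exact modes.

WOWZA_BIN_DIR="/usr/local/WowzaStreamingEngine/manager/bin"  # path from the advisory

# Print every file or directory under $1 writable by group or other.
# Symlinks are skipped: their own mode bits carry no meaning on Linux.
list_loose_perms() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print 2>/dev/null | sort
}

# Number of such entries (0 means the check passes).
count_loose_perms() {
    list_loose_perms "$1" | wc -l | tr -d ' '
}

# Report on one directory.
# Returns 0 when clean, 1 when findings exist, 2 when the directory is absent.
audit_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "SKIP  $dir (not present)"; return 2; }
    n=$(count_loose_perms "$dir")
    if [ "$n" -eq 0 ]; then
        echo "OK    $dir: no group- or world-writable entries"
        return 0
    fi
    echo "WARN  $dir: $n entries writable by group or other"
    # Show owner, group and mode for each finding so it can be reviewed.
    list_loose_perms "$dir" | while IFS= read -r p; do
        ls -ld "$p"
    done
    return 1
}

audit_dir "$WOWZA_BIN_DIR" || true
```

The check covers mode bits only; ownership of the listed files still needs a manual look, and upgrading to 4.8.5 remains the fix the advisory gives.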
Weakness Enumeration
Related Identifiers
Affected Products
Wowza Streaming Engine