PT-2020-20423 · Wowza · Wowza Streaming Engine

Published

2020-04-14

Updated

2022-05-03

CVE-2020-9004

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Wowza Streaming Engine versions 4.8.0 and earlier Wowza Streaming Engine version 4.7.8

Description A remote authenticated authorization-bypass issue allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges.

Recommendations For Wowza Streaming Engine versions 4.8.0 and earlier, update to version 4.8.5 to resolve the issue. For Wowza Streaming Engine version 4.7.8, update to version 4.8.5 to resolve the issue.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-9004

Affected Products

Wowza Streaming Engine

PT-2020-20423 · Wowza · Wowza Streaming Engine

CVE-2020-9004

Weakness Enumeration

Related Identifiers

Affected Products

References · 6