CVE-2024-32656

Name of the Vulnerable Software and Affected Versions Ant Media Server versions 2.6.0 through 2.8.2

Description A local privilege escalation issue is present in Ant Media Server, allowing any unprivileged operating system user account to escalate privileges to the root user account on the system. This issue arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. An unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server, allowing an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the antmedia service account on the system.

Recommendations For versions 2.6.0 through 2.8.2, update to version 2.9.0 to resolve the issue. As a temporary workaround, remove the following parameters from the antmedia.service file: -Dcom.sun.management.jmxremote, -Dcom.sun.management.jmxremote.authenticate=false, -Dcom.sun.management.jmxremote.ssl=false, -Dcom.sun.management.jmxremote.port=5599, -Dcom.sun.management.jmxremote.local.only=true, -Dcom.sun.management.jmxremote.host=127.0.0.1, -Djava.rmi.server.hostname=127.0.0.1, -Djava.rmi.server.useLocalHostname=true, and -Dcom.sun.management.jmxremote.rmi.port=5599.