PT-2024-8651 · Wowza · Wowza Streaming Engine

Ryan Emmons · Published 2024-07-30 · Updated 2024-11-25 · CVE-2024-52052

CVSS v4.0: 9.4 Critical

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

Wowza Streaming Engine versions prior to 4.9.1

Description

The issue is related to insufficient input validation in Wowza Streaming Engine, which can be exploited by a remote attacker to execute arbitrary code. An authenticated Streaming Engine Manager administrator can define a custom application property and poison a stream target for high-privilege remote code execution. The vulnerability exposes thousands of servers to attack.

Recommendations

For Wowza Streaming Engine versions prior to 4.9.1, update to version 4.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Streaming Engine Manager to minimize the risk of exploitation. Avoid using custom application properties and stream targets until the issue is resolved.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-10243
CVE-2024-52052

Affected Products

Wowza Streaming Engine