PT-2026-25731 · Wowza · Streaming Engine
Published 2026-03-15 · Updated 2026-03-16 · CVE-2016-20033
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Wowza Streaming Engine version 4.5.0
Description
The software contains a local privilege escalation issue. Authenticated users can gain elevated privileges by replacing executable files due to incorrect file permissions that grant full access to the Everyone group. An attacker can replace the nssm x64.exe binary in the manager and engine service directories with malicious executables. When the services restart, code is executed with LocalSystem privileges.
Recommendations
Apply updates to address file permission issues for the nssm x64.exe binary in the manager and engine service directories.
Exploit
Fix
LPE
IDOR
Affected Products
Streaming Engine
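The condition in the description, a service executable that a broad group can modify, can be audited on a host before and after patching. The PowerShell below is an added example, not code from the advisory or the vendor; it generalizes from the one product to every installed Windows service, and the list of SIDs treated as "broad" is an assumption to adjust per environment.

```powershell
# Added example (not vendor code): list service executables, and the folders
# holding them, that broad groups are allowed to modify.
# Assumption: run from an elevated session so every ACL is readable.

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

# Only the bits that let a principal alter or replace a file. Modify and
# FullControl contain these bits, so they match as well. The two hex values
# are GENERIC_WRITE and GENERIC_ALL, which can appear unmapped in an ACE.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = $writeBits -bor 0x40000000 -bor 0x10000000

function Get-ServiceBinaryPath([string]$PathName) {
    # The service command line is either quoted, or unquoted with arguments.
    if ($PathName -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)') { return $Matches[1] }
}

function Get-WeakAce([string]$Path) {
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    # Ask for SIDs instead of account names so localized group names still match.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadSids -contains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $writeBits)
    }
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    $exe = Get-ServiceBinaryPath $svc.PathName
    if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { return }
    # A writable parent folder allows replacement just as a writable file does.
    foreach ($target in $exe, (Split-Path -Parent $exe)) {
        foreach ($ace in (Get-WeakAce $target)) {
            [pscustomobject]@{
                Service = $svc.Name
                RunsAs  = $svc.StartName
                Path    = $target
                Sid     = $ace.IdentityReference.Value
                Rights  = $ace.FileSystemRights
            }
        }
    }
}
```

Rows where RunsAs is LocalSystem correspond to the exposure this entry describes; an empty result means no service binary or its folder grants write-type access to the listed groups.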