PT-2026-25732 · Wowza · Streaming Engine

Published: 2026-03-15 · Updated: 2026-03-16 · CVE-2016-20034

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Wowza Streaming Engine version 4.5.0

Description

Wowza Streaming Engine 4.5.0 contains a condition that allows authenticated users with read-only access to gain administrative privileges. This is achieved by manipulating parameters within POST requests sent to the user edit endpoint. Specifically, attackers can set the accessLevel parameter to 'admin' and the advUser parameters to 'true' and 'on' to obtain administrative access.

Recommendations

Apply any available updates or patches to address this issue. As a temporary workaround, restrict access to the user edit endpoint to prevent unauthorized modification of user privileges.
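
The server-side check whose absence the description implies, as an added example (not Wowza's code and not part of the original advisory): the caller's role is taken from the session, and any change to accessLevel or advUser by a non-admin caller is refused. The record shape, the "readOnly" level name, the userName field and the sample bodies are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

# Privilege-bearing parameters named in the advisory.
PRIVILEGE_FIELDS = {"accessLevel", "advUser"}


class Forbidden(Exception):
    """The caller's role does not permit the submitted change."""


def authorize_user_edit(caller_level, stored, raw_body):
    """Return the changes a caller may apply to the stored user record.

    caller_level: role from the server-side session, never from the request.
    stored:       persisted record, as {field: [values]} (assumed shape).
    raw_body:     urlencoded POST body exactly as received.
    """
    # parse_qs keeps repeated parameters, so advUser=true&advUser=on
    # arrives as ["true", "on"] and cannot hide behind a first-value lookup.
    submitted = parse_qs(raw_body, keep_blank_values=True)
    changes = {k: v for k, v in submitted.items() if stored.get(k) != v}
    touched = PRIVILEGE_FIELDS.intersection(changes)
    if touched and caller_level != "admin":
        raise Forbidden(f"{caller_level!r} may not change {sorted(touched)}")
    return changes


# Constructed sample data: "userName", "viewer" and "readOnly" are assumptions.
STORED = {"userName": ["viewer"], "accessLevel": ["readOnly"]}
ESCALATION_BODY = "userName=viewer&accessLevel=admin&advUser=true&advUser=on"
BENIGN_BODY = "userName=viewer&accessLevel=readOnly"


def is_rejected(caller_level, raw_body):
    """True when the edit is refused for this caller."""
    try:
        authorize_user_edit(caller_level, STORED, raw_body)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    print(is_rejected("readOnly", ESCALATION_BODY))
    print(is_rejected("readOnly", BENIGN_BODY))
    print(is_rejected("admin", ESCALATION_BODY))
```

Comparing submitted values with the stored record lets a read-only user's form resubmit its unchanged accessLevel without being refused, while any actual change to a privilege field still requires an admin session.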

Exploit · Fix · LPE · CSRF

Weakness Enumeration

Related Identifiers: CVE-2016-20034

Affected Products: Streaming Engine