CVE-2016-20034
CVE-2016-20034
8.7
HighPublished:
Last updated:
Source:disclosure@vulncheck.com
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- Low
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative access.
References
disclosure@vulncheck.com
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5340.phpdisclosure@vulncheck.com
https://www.exploit-db.com/exploits/40133disclosure@vulncheck.com
https://www.vulncheck.com/advisories/wowza-streaming-engine-privilege-escalation-via-user-edit