Remote Authenticated Authorization Bypass Vulnerability in Wowza Streaming Engine 4.8.0 and Earlier

Remote Authenticated Authorization Bypass Vulnerability in Wowza Streaming Engine 4.8.0 and Earlier

CVE-2020-9004 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges. This issue was resolved in Wowza Streaming Engine 4.8.5.

Learn more about our User Device Pen Test.