Vulnerability Description
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wowza | Streaming Engine | <= 4.8.0 |
Related Weaknesses (CWE)
References
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7654-CSRF-WowzExploitThird Party Advisory
- https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streamThird Party Advisory
- https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notesRelease NotesVendor Advisory
- https://www.wowza.com/pricing/installerVendor Advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7654-CSRF-WowzExploitThird Party Advisory
- https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streamThird Party Advisory
- https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notesRelease NotesVendor Advisory
- https://www.wowza.com/pricing/installerVendor Advisory
FAQ
What is CVE-2019-7654?
CVE-2019-7654 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding anot...
How severe is CVE-2019-7654?
CVE-2019-7654 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7654?
Check the references section above for vendor advisories and patch information. Affected products include: Wowza Streaming Engine.