Vulnerability Description
Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wowza | Streaming Engine | <= 4.8.5 |
Related Weaknesses (CWE)
References
- https://www.gruppotim.it/redteamExploitThird Party Advisory
- https://www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notesRelease NotesVendor Advisory
- https://www.wowza.com/products/streaming-engineVendor Advisory
- https://www.gruppotim.it/redteamExploitThird Party Advisory
- https://www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notesRelease NotesVendor Advisory
- https://www.wowza.com/products/streaming-engineVendor Advisory
FAQ
What is CVE-2021-31540?
CVE-2021-31540 is a vulnerability with a CVSS score of 7.1 (HIGH). Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the...
How severe is CVE-2021-31540?
CVE-2021-31540 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31540?
Check the references section above for vendor advisories and patch information. Affected products include: Wowza Streaming Engine.