CVE-2021-31540

Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
wowzastreaming_engine
𝑥
≤ 4.8.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.gruppotim.it/redteam
https://www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notes
https://www.wowza.com/products/streaming-engine
https://www.gruppotim.it/redteam
https://www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notes
https://www.wowza.com/products/streaming-engine