CVE-2021-31540

EUVD-2021-18438
Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Affected Products (NVD)
VendorProductVersion
wowzastreaming_engine
𝑥
≤ 4.8.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.gruppotim.it/redteam
https://www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notes
https://www.wowza.com/products/streaming-engine
https://www.gruppotim.it/redteam
https://www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notes
https://www.wowza.com/products/streaming-engine