Lucene search

[email protected]NVD:CVE-2021-31540

HistoryApr 23, 2021 - 5:15 p.m.

CVE-2021-31540

2021-04-2317:15:08

CWE-732

[email protected]

web.nvd.nist.gov

wowza streaming engine

incorrect file permissions

configuration files

local user

read

write

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

5.1%

JSON

Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.

Affected configurations

Nvd

Node

wowzastreaming_engineRange≤4.8.5

VendorProductVersionCPE
wowzastreaming_engine*cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wowza	streaming_engine	*	cpe:2.3:a:wowza:streaming_engine::::::::

References

www.gruppotim.it/redteam

www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notes

www.wowza.com/products/streaming-engine

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2021-31540

cve1 prion1 cvelist1