7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.0%
Ant Media Server is vulnerable to Privilege Escalation. The vulnerability is caused by running Java Management Extensions (JMX) with authentication disabled on localhost on port 5599. This allows unprivileged users to connect locally and leverage MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This insecure configuration could lead to privilege escalation to the root user
CPE | Name | Operator | Version |
---|---|---|---|
ant media server | le | 2.8.2 | |
ant media server | le | 2.8.2 |