First published: Fri Apr 23 2021(Updated: )
Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wowza Streaming Engine | <=4.8.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-31540.
The severity of CVE-2021-31540 is high with a severity value of 7.1.
Wowza Streaming Engine versions up to and including 4.8.5 are affected by CVE-2021-31540.
A regular local user is able to read and write to all the configuration files in the conf/ directory of Wowza Streaming Engine, allowing them to modify the application server configuration.
Upgrade to a version of Wowza Streaming Engine that is not affected by CVE-2021-31540 or apply the necessary security patches or fixes provided by the vendor.