CVE-2024-52054

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system.

CVSS

No CVSS.

References

Link	Resource
https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/
https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes

Configurations

No configuration.

History

21 Nov 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-21 23:15

Updated : 2024-11-21 23:15

NVD link : CVE-2024-52054

Mitre link : CVE-2024-52054

CVE.ORG link : CVE-2024-52054

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-52054", "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve@rapid7.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.1, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-11-21T23:15:05.627", "references": [{"url": "https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/", "source": "cve@rapid7.com"}, {"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes", "source": "cve@rapid7.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an\u00a0administrator user to create an XML definition file anywhere on the file system."}], "lastModified": "2024-11-21T23:15:05.627", "sourceIdentifier": "cve@rapid7.com"}

CVE-2024-52054

JSON object

Attach tags to CVE-2024-52054

Attach tags to `CVE-2024-52054`