CVE-2016-20033

Sažetak

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in the manager and engine service directories with malicious executables to execute code with LocalSystem privileges when services restart.

Reference

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5339.php
https://www.exploit-db.com/exploits/40132
https://www.vulncheck.com/advisories/wowza-streaming-engine-local-privilege-escalation-via-nssm-x64-exe

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

16-03-2026 - 14:53

Objavljeno

16-03-2026 - 14:17