CVE-2016-20033

High CVSS: 8.5

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in the manager and engine service directories with malicious executables to execute code with LocalSystem privileges when services restart.

Vendor

Wowza

Product

Streaming Engine

CWE

CWE-639

Yayın Tarihi

2026-03-16 14:17:50

Güncelleme

2026-03-19 14:16:04

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-639 Streaming Engine HIGH Wowza 2026

Referanslar

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5339.php https://www.exploit-db.com/exploits/40132 https://www.vulncheck.com/advisories/wowza-streaming-engine-local-privilege-escalation-via-nssm-x64-exe

Benzer Kayıtlar

High

CVE-2016-20034

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to…

Medium

CVE-2016-20035

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform admini…

Medium

CVE-2016-20036

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager inter…