Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-52052
CVE-2024-52052:
Wowza Streaming Engine vulnerability analysis and mitigation
Overview
CVE-2024-52052 is a critical vulnerability affecting Wowza Streaming Engine versions below 4.9.1. The vulnerability was discovered and reported by Ryan Emmons, Lead Security Researcher at Rapid7, and was disclosed on November 20, 2024. It affects the Wowza Streaming Engine Manager component, which is a web application used to manage and monitor Wowza Media Server instances. At the time of disclosure, approximately 18,500 Wowza Streaming Engine servers were exposed to the public internet (Rapid7 Blog).
Technical details
The vulnerability allows an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution. The vulnerability has received a CVSS v4.0 score of 9.4 (CRITICAL) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H. The vulnerability affects versions from 4.3.0 up to (but not including) 4.9.1 on both Linux and Windows operating systems (NVD, Rapid7 Blog).
Impact
The vulnerability allows for high-privilege remote code execution on the underlying server. When successfully exploited, the attacker gains privileged access with root-level permissions on Linux systems and LocalSystem privileges on Windows systems. This level of access gives an attacker complete control over the affected system (Rapid7 Blog).
Mitigation and workarounds
The vulnerability has been patched in Wowza Streaming Engine version 4.9.1, released on November 20, 2024. Organizations are advised to upgrade to this version or later to remediate the vulnerability. Rapid7's InsightVM and Nexpose customers can assess their exposure to CVE-2024-52052 using authenticated vulnerability checks available since the November 20, 2024 content release (Wowza Release Notes, Rapid7 Blog).
Community reactions
Wowza Media Systems has acknowledged the vulnerability and stated: "We at Wowza Media Systems are focused on security excellence, and by partnering with trusted researchers like Rapid7, we proactively respond to and fix vulnerabilities to safeguard our customers' interests" (Rapid7 Blog).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management