CVE-2021-31540

7.1 HIGH

📋 TL;DR

This vulnerability in Wowza Streaming Engine allows local users to read and modify configuration files due to overly permissive file permissions. This affects default installations of Wowza Streaming Engine up to version 4.8.5. Attackers with local access can alter server configurations, potentially compromising the streaming service.

💻 Affected Systems

Products:
  • Wowza Streaming Engine
Versions: through 4.8.5
Operating Systems: Linux, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Default installations are vulnerable; custom installations with modified permissions may not be affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker modifies configuration to execute arbitrary code, gain remote access, or disrupt streaming services completely.

🟠 Likely Case

Local users escalate privileges, modify streaming settings, or expose sensitive configuration data.

🟢 If Mitigated

With proper access controls, only authorized administrators can modify configurations, limiting impact to unauthorized changes.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local user access; no authentication bypass needed beyond local system access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.8.12

Vendor Advisory: https://www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notes

Restart Required: Yes

Instructions:

1. Back up current configuration files.
2. Upgrade to Wowza Streaming Engine 4.8.12 or later.
3. Restart the Wowza service.
4. Verify file permissions are corrected.

🔧 Temporary Workarounds

Manual Permission Correction (Linux)

Change file permissions on configuration files to restrict access to authorized users only. Apply mode 600 to files only: a directory under conf/ that loses its execute bit can no longer be traversed by the service account, so handle subdirectories separately.

chmod 600 /usr/local/WowzaStreamingEngine/conf/*
chown wowza:wowza /usr/local/WowzaStreamingEngine/conf/*

Windows ACL Adjustment (Windows)

Modify Windows ACLs to restrict configuration file access to administrators only.

icacls "C:\Program Files (x86)\Wowza Media Systems\Wowza Streaming Engine 4.x.x\conf\*" /inheritance:r /grant "Administrators:(F)" /grant "SYSTEM:(F)"

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to Wowza servers.
  • Monitor configuration files for unauthorized changes using file integrity monitoring tools.

🔍 How to Verify

Check if Vulnerable:

Check file permissions on configuration files in the conf/ directory. If regular users have write access, the system is vulnerable.

Check Version:

Check the version in Wowza Streaming Engine Manager or run: cat /usr/local/WowzaStreamingEngine/conf/VERSION.txt

Verify Fix Applied:

Verify that configuration files in conf/ directory have permissions restricting write access to authorized users only (e.g., 600 on Linux).
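The permission check described in this section and the Linux workaround above, written out as a runnable audit script. This is an added example, not code from the page or the vendor; the default path is the Linux install location named on the page, and the expected owner (wowza) is the account the page's chown command uses.

```shell
#!/bin/sh
# Added audit helper for the checks described above; not code from the page
# or the vendor. Flags files under a Wowza conf/ directory that are writable
# by group or others (the advisory's condition) and, optionally, files not
# owned by the expected service account (the page's chown target, wowza).

# Usage: check_conf_perms [DIR] [OWNER]
#   DIR    directory to audit; defaults to the Linux path named on the page
#   OWNER  optional expected owner of every file in DIR
# Prints offending paths; returns 0 when clean, 1 when something is loose,
# 2 when DIR does not exist.
check_conf_perms() {
  dir="${1:-/usr/local/WowzaStreamingEngine/conf}"
  owner="${2:-}"
  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

  # POSIX find: a symbolic -perm test with a leading '-' matches when the
  # named bits are set, so this lists every file a non-owner could write.
  loose=$(find "$dir" -type f \( -perm -g=w -o -perm -o=w \))

  stray=""
  if [ -n "$owner" ]; then
    stray=$(find "$dir" -type f ! -user "$owner")
  fi

  if [ -z "$loose" ] && [ -z "$stray" ]; then
    return 0
  fi
  if [ -n "$loose" ]; then
    printf 'writable by group or others:\n%s\n' "$loose"
  fi
  if [ -n "$stray" ]; then
    printf 'not owned by %s:\n%s\n' "$owner" "$stray"
  fi
  return 1
}

# Number of group/other-writable files under DIR, for scripted assertions.
count_loose_files() {
  find "${1:?directory required}" -type f \( -perm -g=w -o -perm -o=w \) \
    | wc -l | tr -d ' '
}

# Stand-alone use: sh audit.sh --run [DIR] [OWNER]; exits with the audit status.
if [ "${1:-}" = "--run" ]; then
  check_conf_perms "${2:-}" "${3:-}"
  exit $?
fi
```

A non-zero exit after the upgrade means the fix did not take effect on this host, or a later change loosened the permissions again.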

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to configuration files
  • Changes to configuration files outside of maintenance windows

Network Indicators:

  • Unexpected changes in streaming behavior or server configuration

SIEM Query:

source="Wowza" AND (event="file_modification" OR event="permission_change") AND file_path="*conf/*"
