CVE-2024-52055

4.9 MEDIUM

📋 TL;DR

This vulnerability allows an authenticated administrator user in Wowza Streaming Engine to read arbitrary files on the server through path traversal. The exploit requires the target directory to contain an XML definition file. Only systems running Wowza Streaming Engine below version 4.9.1 are affected.

💻 Affected Systems

Products:
  • Wowza Streaming Engine
Versions: All versions below 4.9.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator access and target directory must contain XML definition files.

📦 What is this software?

Wowza Streaming Engine is a commercial, Java-based media server for live and on-demand video streaming (RTMP, HLS, WebRTC and other protocols), administered through the web-based Wowza Streaming Engine Manager and a REST API. The Manager is the interface through which the administrator role used in this vulnerability is exercised.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator credentials are compromised, allowing an attacker to read sensitive system files (passwords, configuration files, private keys) leading to full system compromise.

🟠

Likely Case

An administrator with legitimate access abuses this vulnerability to read files outside their intended scope, potentially exposing sensitive data.

🟢

If Mitigated

The read is always bounded by what the Wowza service account itself can open. With the service running under a dedicated unprivileged account, tight file permissions, and monitoring of administrator sessions, impact is limited to files that account can already read, and abuse is visible in the logs.

🌐 Internet-Facing: MEDIUM - While exploitation requires admin authentication, internet-facing Wowza instances increase attack surface for credential compromise.
🏢 Internal Only: MEDIUM - Internal administrators could abuse this for unauthorized file access, but requires existing privileged access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Simple path traversal once authenticated.

Exploitation requires valid administrator credentials and knowledge of target file paths.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.9.1

Vendor Advisory: https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes

Restart Required: Yes

Instructions:

1. Download Wowza Streaming Engine 4.9.1 from the official site.
2. Back up the current configuration (the conf directory and any custom modules).
3. Run the installer/upgrade.
4. Restart the Wowza service.

🔧 Temporary Workarounds

Restrict Administrator Access

all

Limit administrator accounts to only trusted personnel and implement strong authentication.

File System Permissions

linux

Run the Wowza service under a dedicated, unprivileged account and restrict that account's file-system access to the installation directory and the media paths it needs. The commands below tighten ownership and remove world access on the default Linux install directory. They only help if the Java process actually runs as that account; if the service runs as root, the traversal can read anything on the host regardless of permissions, so confirm the service account before relying on this.

# Default Linux install path; adjust if installed elsewhere
chmod -R 750 /usr/local/WowzaStreamingEngine
# Give the tree to the dedicated service account (must match the user the service runs as)
chown -R wowza:wowza /usr/local/WowzaStreamingEngine

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for administrator accounts
  • Apply principle of least privilege to Wowza service account file system access

🔍 How to Verify

Check if Vulnerable:

Check Wowza version via Manager interface or configuration files. If version is below 4.9.1, system is vulnerable.

Check Version:

cat /usr/local/WowzaStreamingEngine/VERSION.txt

Verify Fix Applied:

Confirm version is 4.9.1 or higher in Manager interface or by checking VERSION.txt in installation directory.
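The following script automates the version check above. It is an added example, not Wowza's own tooling. It assumes the default Linux install path already given on this page and treats VERSION.txt as free text containing a dotted release number (that format is an assumption); it compares numerically rather than lexically, since a plain string compare would rank a hypothetical 4.10.0 below 4.9.1, and it fails closed when it cannot find a version at all.

```python
import re
import sys

# Added example, not Wowza's own tooling. Assumption: VERSION.txt is free text that
# contains a dotted release number such as "4.8.27" or "4.9.1" somewhere in it.
DEFAULT_VERSION_FILE = "/usr/local/WowzaStreamingEngine/VERSION.txt"  # default Linux install dir
FIXED = (4, 9, 1)  # first release that contains the fix

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str):
    """Return the first x.y.z in `text` as a tuple of ints, or None if none is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text: str) -> bool:
    """True when the version in `text` is below 4.9.1.

    Tuple comparison is used deliberately: a plain string compare would rank
    "4.10.0" below "4.9.1". Unparseable input is reported as affected so a
    broken check fails closed rather than quietly reporting 'patched'.
    """
    version = parse_version(text)
    return version is None or version < FIXED


def check_install(path: str = DEFAULT_VERSION_FILE) -> bool:
    """Read the version file at `path` and return True if the install is affected."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return is_affected(fh.read())


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_VERSION_FILE
    affected = check_install(path)
    print(f"{path}: {'AFFECTED (below 4.9.1)' if affected else 'patched (4.9.1 or later)'}")
    sys.exit(1 if affected else 0)
```

Run it with no arguments on the server, or pass the path to a copied VERSION.txt; the exit status (1 when affected) makes it usable from a fleet-wide inventory job.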

📡 Detection & Monitoring

Log Indicators:

  • Manager/REST requests from administrator sessions whose path or parameters contain traversal sequences, including URL-encoded (%2e%2e, ..%2f) and backslash variants, especially ones reaching outside the application and content directories
  • Multiple failed authentication attempts against the Manager followed by a successful login, or administrator logins from unfamiliar source addresses

Network Indicators:

  • Administrator connections to the Manager interface from unexpected source addresses, and unusual outbound data transfers from the Wowza server

SIEM Query:

source="wowza.log" AND ("file access" OR "path traversal" OR "../" OR "..\\" OR "%2e%2e" OR "..%2f")

Match case-insensitively (%2E as well as %2e) and run the same terms against the Manager/REST access logs, not only the engine log; a literal "../" alone misses URL-encoded and backslash-separated traversal.
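To show why a literal "../" match is not enough, here is an added detection example (not from the original page and not Wowza's code) that normalizes request URIs before looking for a traversal segment. The tab-separated log layout and the /enginemanager/example/... endpoints in the sample are constructed for illustration and are not real Wowza log formats or routes; only /enginemanager as the Manager's context path is taken from the product.

```python
import re
from urllib.parse import unquote

# Constructed sample log (not a real Wowza log; the tab-separated layout
# "<timestamp> <client ip> <user> <method> <uri> <status>" and the
# /enginemanager/example/... endpoints are assumptions for illustration only).
SAMPLE_LOG = """\
2024-12-03 10:01:12\t10.0.0.5\tadmin\tGET\t/enginemanager/example/list\t200
2024-12-03 10:02:40\t10.0.0.5\tadmin\tGET\t/enginemanager/example/../../../../etc/passwd\t200
2024-12-03 10:03:01\t10.0.0.9\tadmin\tGET\t/enginemanager/example/..%2F..%2F..%2Fconf%2FServer.xml\t200
2024-12-03 10:03:15\t10.0.0.9\tadmin\tGET\t/enginemanager/example/%252e%252e/%252e%252e/conf/Server.xml\t200
2024-12-03 10:03:30\t10.0.0.9\tadmin\tGET\t/enginemanager/example/..\\..\\conf\\Server.xml\t200
2024-12-03 10:04:00\t10.0.0.7\tviewer\tGET\t/enginemanager/example/live/..stream.xml\t200
"""

# A '..' that forms a whole path segment (bounded by '/', '\' or the string ends).
_DOTDOT_SEGMENT = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")


def normalize_uri(uri: str, max_rounds: int = 3) -> str:
    """Collapse encoded and Windows-style traversal into a literal '..' segment.

    Percent-decoding is repeated (bounded) so that double-encoded %252e%252e is
    caught, and backslashes are folded to slashes.
    """
    current = uri
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/")


def has_traversal(uri: str) -> bool:
    """True if the normalized URI contains a '..' path segment."""
    return _DOTDOT_SEGMENT.search(normalize_uri(uri)) is not None


def naive_scan(log_text: str):
    """What a literal '../' match (as in the SIEM query above) would find."""
    return [n for n, line in enumerate(log_text.splitlines(), 1) if "../" in line]


def scan(log_text: str):
    """Return one dict per request whose URI carries a traversal segment."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = line.split("\t")
        if len(fields) < 5:
            continue  # malformed line; skip rather than crash the scan
        _ts, client, user, _method, uri = fields[:5]
        if has_traversal(uri):
            hits.append({"line": n, "client": client, "user": user,
                         "uri": uri, "normalized": normalize_uri(uri)})
    return hits


if __name__ == "__main__":
    print("literal '../' matches:", naive_scan(SAMPLE_LOG))
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']}: user={hit['user']} client={hit['client']} "
              f"uri={hit['uri']} -> {hit['normalized']}")
```

On the sample, the literal match finds only line 2, while the normalized check also flags the single-encoded, double-encoded and backslash variants on lines 3 to 5 and does not flag the harmless "..stream.xml" filename on line 6. Since every hit here comes from an administrator session, the useful follow-up is to pivot on the user and client columns rather than on the URI alone.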
