Wowza Streaming Engine Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability exists in Wowza Streaming Engine version 4.5.0. It allows authenticated read-only users to gain administrative privileges by manipulating POST parameters. By sending a request to the user edit endpoint with the accessLevel parameter set to 'admin', the advUser parameter set to 'true' and the _advUser parameter set to 'on', a user can elevate their rights to those of an administrator.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling read-only users to gain administrative rights on the server.

Reproduction

To reproduce this vulnerability, send a POST request to the user edit endpoint of the Wowza Streaming Engine management interface. Include the accessLevel parameter set to 'admin', the advUser parameter set to 'true' and the _advUser parameter set to 'on'. This will grant the user administrative access.
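
The missing control is a server-side check that ties the privilege-bearing form fields to the caller's session role. The sketch below is an added example, not Wowza code: the function name, the 'readonly' role label and the 'password' self-service field are assumptions; only accessLevel, advUser and _advUser come from the description above.

```python
from urllib.parse import parse_qs

# Field names taken from the advisory text.
PRIVILEGE_FIELDS = frozenset({"accessLevel", "advUser", "_advUser"})
# Assumption: the only field a non-admin may change on their own account.
SELF_SERVICE_FIELDS = frozenset({"password"})


class Forbidden(Exception):
    """Raised when the caller may not make the requested change."""


def authorize_user_edit(caller, caller_role, target, raw_body):
    """Return the form fields that may be applied to `target`, or raise Forbidden.

    `caller` and `caller_role` must come from the server-side session,
    never from anything in the request body.
    """
    # parse_qs keeps every occurrence of a parameter, so a repeated key
    # cannot hide a second value behind a benign first one.
    form = parse_qs(raw_body, keep_blank_values=True)
    repeated = sorted(k for k, v in form.items() if len(v) > 1)
    if repeated:
        raise Forbidden(f"repeated parameters: {repeated}")
    fields = {k: v[0] for k, v in form.items()}

    if caller_role == "admin":
        return fields

    if target != caller:
        raise Forbidden(f"{caller} may edit only their own account")

    # Reject rather than silently strip, so the attempt reaches the audit log.
    escalation = sorted(PRIVILEGE_FIELDS & fields.keys())
    if escalation:
        raise Forbidden(f"{caller} ({caller_role}) sent privilege fields {escalation}")

    # Allowlist: anything not explicitly self-service is refused.
    unknown = sorted(fields.keys() - SELF_SERVICE_FIELDS)
    if unknown:
        raise Forbidden(f"fields not editable by {caller_role}: {unknown}")
    return fields
```
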

Added: Mar 16, 2026, 3:09 PM
Updated: Mar 16, 2026, 3:09 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 5.0
exploitability: 6.8
remediation: 0.0
relevance: 4.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.