CVE-2024-32656Missing Authorization in Ant-media-server

CWE-862Missing Authorization4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 79.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ant-media Ant-media-server
Timeline
PublishedApr 22

Description

Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerabili

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5ant-media/ant-media-server>= 2.6.0, < 2.9.0

🔴Vulnerability Details

3
CVEList
Ant Media Server vulnerable to local privilege escalation2024-04-22
GHSA
Ant Media Server vulnerable to a local privilege escalation2024-04-22
OSV
Ant Media Server vulnerable to a local privilege escalation2024-04-22
CVE-2024-32656 — Missing Authorization | cvebase