Wowza Streaming Engine Addresses Multiple Security Vulnerabilities
/ 1 min read
Multiple vulnerabilities in Wowza Streaming Engine fixed. Wowza Streaming Engine v4.9.1 has addressed several critical vulnerabilities that could allow unauthenticated attackers to exploit the system, including a stored cross-site scripting (XSS) attack that could lead to remote code execution with root privileges on Linux and LocalSystem on Windows. The vulnerabilities, tracked as CVE-2024-52052 through CVE-2024-52056, were reported by Rapid7 and have been patched as of November 20, 2024. Approximately 18,500 Wowza servers are currently exposed to the internet, highlighting the urgency of the update. Users are advised to upgrade to the latest version to mitigate these risks.