CVE-2024-52054

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/	Third Party Advisory
https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes	Release Notes

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

17 Jun 2026, 08:06

Type	Values Removed	Values Added
First Time		Linux linux Kernel Microsoft windows Wowza streaming Engine Wowza Linux Microsoft
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 2.7
Summary		(es) El Path Traversal en el componente Administrador de Wowza Streaming Engine anterior a 4.9.1 permite que un usuario administrador cree un archivo de definición XML en cualquier parte del sistema de archivos.
References	~~() https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/ -~~	() https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/ - Third Party Advisory
References	~~() https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes -~~	() https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes - Release Notes
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:wowza:streaming_engine:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::*

21 Nov 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-21 23:15

Updated : 2026-06-17 08:06

NVD link : CVE-2024-52054

Mitre link : CVE-2024-52054

CVE.ORG link : CVE-2024-52054

JSON object : View

Products Affected

microsoft

windows

wowza

streaming_engine

linux

linux_kernel

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-52054", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-52054", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-21T23:30:38.849280Z"}}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "cve@rapid7.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "cve@rapid7.com", "affectedData": [{"vendor": "Wowza", "product": "Streaming Engine", "versions": [{"status": "affected", "version": "4.3.0", "lessThan": "4.9.1", "versionType": "cpe"}], "platforms": ["Windows", "Linux"], "defaultStatus": "unaffected"}]}], "published": "2024-11-21T23:15:05.627", "references": [{"url": "https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/", "tags": ["Third Party Advisory"], "source": "cve@rapid7.com"}, {"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes", "tags": ["Release Notes"], "source": "cve@rapid7.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an\u00a0administrator user to create an XML definition file anywhere on the file system."}, {"lang": "es", "value": "El Path Traversal en el componente Administrador de Wowza Streaming Engine anterior a 4.9.1 permite que un usuario administrador cree un archivo de definici\u00f3n XML en cualquier parte del sistema de archivos."}], "lastModified": "2026-06-17T08:06:52.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55C357CE-A354-4C63-96CD-828EF5C986E2", "versionEndExcluding": "4.9.1", "versionStartIncluding": "4.3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@rapid7.com"}