漏洞标题
Ant Media Server存在本地权限提升漏洞
漏洞描述信息
N/A
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
认证机制不恰当
漏洞标题
Ant Media Server vulnerable to local privilege escalation
漏洞描述信息
Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the `antmedia` service account on the system. Version 2.9.0 contains a patch for the issue. As a workaround, one may remove certain parameters from the `antmedia.service` file.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
授权机制缺失
漏洞标题
Ant Media Server 安全漏洞
漏洞描述信息
Ant Media Server是Ant Media开源的一款实时流媒体引擎软件。通过使用延迟约 0.5 秒的 WebRTC 技术提供自适应超低延迟流媒体。 Ant Media Server 2.6.0版本至2.8.2版本存在安全漏洞。攻击者利用该漏洞可以提升权限。
CVSS信息
N/A
漏洞类别
其他