CVE-2021-35492

{"id": "CVE-2021-35492", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-10-05T16:15:07.497", "references": [{"url": "https://n4nj0.github.io/advisories/wowza-streaming-engine-i/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.gruppotim.it/redteam", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-14-release-notes", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.)"}, {"lang": "es", "value": "Wowza Streaming Engine versiones hasta 4.8.11+5, podr\u00eda permitir a un atacante remoto autenticado agotar los recursos del sistema de archivos por medio del par\u00e1metro vhost /enginemanager/server/vhost/historical.jsdata. Esto es debido a una administraci\u00f3n insuficiente de los recursos disponibles del sistema de archivos. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la secci\u00f3n de monitorizaci\u00f3n de hosts virtuales al solicitar datos hist\u00f3ricos de hosts virtuales al azar y agotando los recursos disponibles del sistema de archivos. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar errores en la base de datos y causar que el dispositivo no responda a la administraci\u00f3n basada en la web. (Es requerida la intervenci\u00f3n manual para liberar los recursos del sistema de archivos y devolver la aplicaci\u00f3n a un estado operativo)"}], "lastModified": "2022-07-12T17:42:04.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D284460-1EF4-4BBA-80DA-4012AE9B769E", "versionEndIncluding": "4.8.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}