Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable …

CVE-2016-20033 is a local privilege escalation vulnerability in Wowza Streaming Engine 4.5.0. The vulnerability stems from improper file permissions that grant full access to the Everyone group. Authenticated attackers can exploit this by replacing the nssm_x64.exe binary in manager and engine service directories with malicious executables. When services restart, the malicious code executes with LocalSystem privileges. This allows authenticated users to escalate their privileges from normal user to system administrator level. The vulnerability affects the service management components of the streaming engine software.