How severe is CVE-2024-32656?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2024-32656?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2024-32656 - HIGH Severity | CVSS 7.8

Vulnerability Description

Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the `antmedia` service account on the system. Version 2.9.0 contains a patch for the issue. As a workaround, one may remove certain parameters from the `antmedia.service` file.

Related Vulnerabilities

CVE-2012-0055

HIGH

CVSS:7.8(High)

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unaut...

CWE-8622012

CVE-2015-0571

HIGH

CVSS:7.8(High)

The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for p...

CWE-8622015

CVE-2017-0554

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate b...

CWE-8622017

CVE-2017-11042

HIGH

CVSS:7.8(High)

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.

CWE-8622017

CVE-2017-13209

HIGH

CVSS:7.8(High)

In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL ...

CWE-8622017

CVE-2017-13247

HIGH

CVSS:7.8(High)

In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User inte...

CWE-8622017