THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-3462

Authorization bypass in Ant Media Server

Reserved:2024-04-08
Published:2024-05-13
Updated:2024-05-13

Description

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users.  All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch.

Problem types

CWE-863 Incorrect Authorization

Product status

Default status
unknown

Any version
affected

Credits

Maksym Brzęczek (efigo.pl) finder

References

https://antmedia.io/ product

https://cert.pl/en/posts/2024/05/CVE-2024-3462 third-party-advisory

https://cert.pl/posts/2024/05/CVE-2024-3462 third-party-advisory

cve.org CVE-2024-3462

nvd.nist.gov CVE-2024-3462

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-3462