CVE-2016-20033
Published: 16 March 2026
Summary
CVE-2016-20033 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Wowza Streaming Engine. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 5.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-34 (Non-modifiable Executable Programs).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces non-modifiability of executable programs such as nssm_x64.exe in service directories, directly preventing replacement due to improper file permissions.
Mandates secure configuration settings including restrictive file permissions to block low-privileged authenticated users from overwriting service binaries.
Monitors integrity of critical software like service executables to identify unauthorized replacements by authenticated users.
NVD Description
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in…
more
the manager and engine service directories with malicious executables to execute code with LocalSystem privileges when services restart.
Deeper analysisAI
CVE-2016-20033 is a local privilege escalation vulnerability affecting Wowza Streaming Engine 4.5.0. The issue arises from improper file permissions that grant full access to the Everyone group, enabling authenticated users to replace executable files in the manager and engine service directories. Specifically, attackers can overwrite the nssm_x64.exe binary with malicious executables, which is classified under CWE-639 (Authorization Bypass Through User-Controlled Key) and scored 7.8 on CVSS 3.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An authenticated local user with low privileges can exploit this vulnerability by replacing the nssm_x64.exe file in the affected service directories. When the manager or engine services restart, the malicious executable runs with LocalSystem privileges, allowing the attacker to achieve full control over the system, including high impacts on confidentiality, integrity, and availability.
Advisories and references, including those from Zero Science Labs (http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5339.php), Exploit-DB (https://www.exploit-db.com/exploits/40132), and VulnCheck (https://www.vulncheck.com/advisories/wowza-streaming-engine-local-privilege-escalation-via-nssm-x64-exe), detail the vulnerability and provide proof-of-concept exploits, emphasizing the need to address improper file permissions to prevent escalation.
Details
- CWE(s)