CVE-2016-20033
Published: 16 March 2026
Summary
CVE-2016-20033 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Wowza Streaming Engine. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-34 (Non-modifiable Executable Programs).
Deeper analysis
CVE-2016-20033 is a local privilege escalation vulnerability affecting Wowza Streaming Engine 4.5.0. The issue arises from improper file permissions that grant full access to the Everyone group, enabling authenticated users to replace executable files in the manager and engine service directories. Specifically, attackers can overwrite the nssm_x64.exe binary with malicious executables, which is classified under CWE-639 (Authorization Bypass Through User-Controlled Key) and scored 7.8 on CVSS 3.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An authenticated local user with low privileges can exploit this vulnerability by replacing the nssm_x64.exe file in the affected service directories. When the manager or engine services restart, the malicious executable runs with LocalSystem privileges, allowing the attacker to achieve full control over the system, including high impacts on confidentiality, integrity, and availability.
Advisories and references, including those from Zero Science Labs (http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5339.php), Exploit-DB (https://www.exploit-db.com/exploits/40132), and VulnCheck (https://www.vulncheck.com/advisories/wowza-streaming-engine-local-privilege-escalation-via-nssm-x64-exe), detail the vulnerability and provide proof-of-concept exploits, emphasizing the need to address improper file permissions to prevent escalation.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-10821
Vulnerability details
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in…
more
the manager and engine service directories with malicious executables to execute code with LocalSystem privileges when services restart.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct weak service binary permissions (Everyone full control on nssm_x64.exe) allow replacement of executable run by SYSTEM services, enabling local privilege escalation via T1574.010 and T1068.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces non-modifiability of executable programs such as nssm_x64.exe in service directories, directly preventing replacement due to improper file permissions.
Mandates secure configuration settings including restrictive file permissions to block low-privileged authenticated users from overwriting service binaries.
Monitors integrity of critical software like service executables to identify unauthorized replacements by authenticated users.