CVE-2016-20035
CSRF in Wowza Streaming Engine 4.5.0 Enables Admin Account Creation
Publication date: 2026-03-16
Last updated on: 2026-03-19
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wowza | streaming_engine | 4.5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2016-20035 is a Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine version 4.5.0. It allows attackers to perform unauthorized administrative actions by tricking logged-in administrators into visiting malicious web pages. These pages submit crafted POST requests to the user edit endpoint, enabling the attacker to create new administrator accounts with arbitrary credentials without the administrator's consent.

The vulnerability exists because the application interface processes certain HTTP requests without validating their authenticity, lacking proper CSRF protections. [1, 2, 3]
How can this vulnerability impact me?:
This vulnerability can allow an attacker to escalate privileges by creating new administrator accounts on the Wowza Streaming Engine server without authorization. If a logged-in administrator visits a malicious website, the attacker can exploit the vulnerability to gain administrative control over the server.
With administrative access, the attacker can perform privileged actions, potentially compromising the security and management of the streaming server.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP POST requests to the user edit endpoint of the Wowza Streaming Engine web interface, specifically requests targeting `/enginemanager/server/user/edit.htm` that attempt to create or modify user accounts with administrative privileges.

Detection can involve inspecting web server logs or network traffic for suspicious POST requests containing parameters such as `userName`, `userPassword`, `accessLevel` set to "admin", and `advUser` set to "true".

Example commands to detect such activity might include using tools like `grep` on server logs or `tcpdump`/`Wireshark` to capture and filter HTTP POST requests:

- `grep -i 'POST /enginemanager/server/user/edit.htm' /path/to/access.log`
- `tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'userName\|accessLevel\|advUser'`

Additionally, reviewing the list of users on the Wowza Streaming Engine for unexpected new administrator accounts can help identify exploitation. [2]
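A plain `grep` for the endpoint matches every legitimate account edit as well, because an administrator saving the form from the management UI produces the same POST. What distinguishes a forged cross-site submission in an access log is where the request came from: the Referer (or Origin) names the attacker's page, or is absent, instead of the Engine Manager's own host. The script below is an added example, not code from the advisory or from Wowza; it assumes the management interface's access log is in Apache Combined Log Format (which records the Referer), takes the management host:port as a parameter, and runs over a handful of constructed log lines.

```python
"""Flag POSTs to the Engine Manager user-edit endpoint whose Referer is not
the management UI itself.  Added example; log lines below are constructed."""
import re
from urllib.parse import urlsplit

USER_EDIT_PATH = "/enginemanager/server/user/edit.htm"  # endpoint named in the advisory

# Combined Log Format:
# client ident user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)


def parse_line(line):
    """Return the fields of one Combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_host(referer):
    """host[:port] of a Referer URL, lower-cased; None when the header was absent ('-')."""
    if referer in ("", "-"):
        return None
    return urlsplit(referer).netloc.lower()


def suspicious_user_edits(lines, management_hosts):
    """Return (client, time, referer) for every POST to the user-edit endpoint that
    did not come from one of the management UI's own host:port values.
    A missing Referer is reported too: it cannot be shown to be same-origin."""
    allowed = {h.lower() for h in management_hosts}
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        # strip any query string before comparing the path
        if urlsplit(rec["path"]).path != USER_EDIT_PATH:
            continue
        if referer_host(rec["referer"]) not in allowed:
            findings.append((rec["client"], rec["time"], rec["referer"]))
    return findings


# Constructed sample log lines (hostnames and addresses are placeholders).
SAMPLE_LOG = [
    # legitimate edit saved from the management UI: Referer is the UI itself
    '10.0.0.5 - admin [16/Mar/2026:10:01:02 +0000] "POST /enginemanager/server/user/edit.htm HTTP/1.1" 302 0 '
    '"http://streaming.example.internal:8088/enginemanager/server/user/edit.htm" "Mozilla/5.0"',
    # cross-site submission: Referer is an unrelated page the admin was viewing
    '10.0.0.5 - admin [16/Mar/2026:10:07:44 +0000] "POST /enginemanager/server/user/edit.htm HTTP/1.1" 302 0 '
    '"http://evil.example/page.html" "Mozilla/5.0"',
    # POST with no Referer at all: cannot be attributed to the UI, so it is reported
    '10.0.0.9 - admin [16/Mar/2026:10:09:10 +0000] "POST /enginemanager/server/user/edit.htm HTTP/1.1" 302 0 '
    '"-" "Mozilla/5.0"',
    # GET of the same page is just the form being displayed; ignored
    '10.0.0.5 - admin [16/Mar/2026:10:10:00 +0000] "GET /enginemanager/server/user/edit.htm HTTP/1.1" 200 1234 '
    '"http://streaming.example.internal:8088/enginemanager/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, when, referer in suspicious_user_edits(SAMPLE_LOG, ["streaming.example.internal:8088"]):
        print(f"{when} {client} POST user/edit.htm from referer={referer!r}")
```

Because browsers and proxies sometimes strip the Referer, a hit with referer `-` is a candidate for review rather than proof of exploitation; cross-check it against the server's user list for accounts nobody recognises, as the answer above suggests.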
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Wowza Streaming Engine administrative interface to trusted networks and users only.
Implementing CSRF protections such as requiring tokens for POST requests to sensitive endpoints can prevent unauthorized administrative actions.
Administrators should also avoid visiting untrusted websites while logged into the Wowza Streaming Engine management interface to reduce the risk of CSRF attacks.
Review and remove any unauthorized administrator accounts that may have been created due to this vulnerability.
If available, apply vendor patches or updates that address this vulnerability.
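The token requirement mentioned above is a server-side change, so it is only available to whoever maintains the application, but the shape of the check is worth seeing because it is what the vulnerable endpoint lacks. The following is an added example, not Wowza's code: it shows the two independent checks a state-changing handler such as the user-edit form should perform before acting on a POST, a per-session synchronizer token compared in constant time, and an Origin/Referer check against the management host. The request is modelled as a plain dict, and the cookie name `session` and form field `csrfToken` are assumed names, not Wowza's.

```python
"""Server-side CSRF defences for a state-changing endpoint.  Added example;
request shape, cookie and field names are assumptions for the demo."""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Per-deployment secret generated at startup; never sent to the client.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id):
    """Synchronizer token bound to the session: a token stolen from one session
    (or minted by the attacker) is useless for another."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_is_valid(session_id, presented):
    """Constant-time comparison; a missing token is simply invalid."""
    return hmac.compare_digest(issue_csrf_token(session_id), presented or "")


def origin_is_trusted(headers, management_hosts):
    """Origin is checked first (browsers send it on form POSTs); Referer is the
    fallback.  If neither names the management UI, the request is refused.
    Rejecting when both are absent is the strict choice; relax to token-only
    if legitimate clients are known to strip both."""
    allowed = {h.lower() for h in management_hosts}
    for header in ("Origin", "Referer"):
        value = headers.get(header)
        if value:
            return urlsplit(value).netloc.lower() in allowed
    return False


def authorize_user_edit(request, management_hosts):
    """Decide whether a request to the user-edit endpoint may change accounts.
    request = {"method": str, "headers": dict, "cookies": dict, "form": dict}
    (constructed shape).  Returns (allowed, reason)."""
    if request["method"] != "POST":
        return False, "only POST may change accounts"
    session_id = request["cookies"].get("session")      # assumed cookie name
    if not session_id:
        return False, "no session"
    if not origin_is_trusted(request["headers"], management_hosts):
        return False, "origin not trusted"
    if not token_is_valid(session_id, request["form"].get("csrfToken")):  # assumed field name
        return False, "bad or missing CSRF token"
    return True, "ok"


if __name__ == "__main__":
    hosts = ["streaming.example.internal:8088"]          # placeholder management host
    sid = "session-abc"
    # the form rendered by the UI embeds the token; a page on another site cannot read it
    ui_request = {
        "method": "POST",
        "headers": {"Origin": "http://streaming.example.internal:8088"},
        "cookies": {"session": sid},
        "form": {"userName": "ops", "accessLevel": "admin", "csrfToken": issue_csrf_token(sid)},
    }
    print(authorize_user_edit(ui_request, hosts))
    cross_site = dict(ui_request, headers={"Origin": "http://evil.example"},
                      form={"userName": "ops", "accessLevel": "admin"})
    print(authorize_user_edit(cross_site, hosts))
```

The two checks fail independently: a forged request from another site fails the origin check, and even a request that somehow passes it still fails for lack of the session-bound token, which only a page served by the management UI can have read.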