Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Exclusive: TIM’s Red Team Research finds 4 zero-days in WOWZA Streaming Engine product

Researchers from TIM’s Red Team Research (RTR) have discovered another 4 new zero-day vulnerabilities in the WOWZA Streaming Engine product. Last month, the TIM’s Red Team Research (RTR) disclosed 2 new vulnerabilities affecting the Oracle Business Intelligence product with High severity. Today, the TIM’s Red Team Research led by Massimiliano Brolli, discovered 4 new vulnerabilities […]

WOWZA Streaming Engine

Researchers from TIM’s Red Team Research (RTR) have discovered another 4 new zero-day vulnerabilities in the WOWZA Streaming Engine product.

Last month, the TIM’s Red Team Research (RTR) disclosed 2 new vulnerabilities affecting the Oracle Business Intelligence product with High severity. Today, the TIM’s Red Team Research led by Massimiliano Brolli, discovered 4 new vulnerabilities that have been addressed by the manufacturer WOWZA Streaming Engine, between the end of 2019 and July 2020.

WOWZA Streaming Engine

Wowza Streaming Engine (known as Wowza Media Server) is a unified streaming media server software developed by Wowza Media Systems based in Colorado, in the United States of America and used by many US government entities such as NASA, US Air force, Boeing, New York Police Department and many other clients around the world.

The vulnerabilities discovered by the team, tracked as CVE-2019-19454, CVE-2019-19455, CVE-2019-19453 and CVE-2019-19456, are an “Arbitrary File Download”, “Path traversal” and 2 “Cross-site Scripting” (the first two with High Severity and the others with Medium one) respectively. The issues were discovered during laboratory tests, promptly managed in a CVD (Coordinated Vulnerability Disclosure) process with the vendor.

Some of these vulnerabilities can be chained together by a remote attacker to execute arbitrary code on the impacted system, they can also provide full access to all the data it contains, through the user interface.

The laboratory has been active for less than a year (based on the registered CVE) and unknown vulnerabilities have already been identified on various products including NOKIA, Selesta, and Oracle. The research team has identified a total of 16 new published CVEs, as reported on the NVD (National Vulnerability Database) and on TIM’s Corporate website, available at https://www.gruppotim.it/redteam.

TIM is one of the very few Italian industrial realities to conduct research of undocumented vulnerabilities, for this reason I suggest you to follow them carefully.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, WOWZA Streaming Engine)

[adrotate banner=”5″]

[adrotate banner=”13″]