CVE-2024-3462

Summary

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users.  All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch.

Affected Software

VendorProductVersion RangeStatus
Ant MediaAnt Media Server Community Edition0 <= 2.9.0affected

Weaknesses

  • CWE-302: CWE-302 Authentication Bypass by Assumed-Immutable Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References