CVE-2024-32656

Summary

CVE-2024-32656 is a local privilege escalation vulnerability found in Ant Media Server versions 2.6.0 through 2.8.2. This vulnerability allows any unprivileged operating system user to gain root user privileges on the system. It occurs due to Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. An attacker can exploit this vulnerability by connecting to the JMX service and loading a remote MBean from an attacker-controlled server, allowing them to execute arbitrary code within the Java process of Ant Media Server and gain access to the `antmedia` service account on the system. The issue has been patched in version 2.9.0, but as a workaround, users can disable JMX or enable authentication for JMX access to mitigate the risk. This vulnerability poses a high risk to organizations as it can lead to unauthorized privilege escalation and potential compromise of sensitive data or systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.