CVE-2024-3462

CVE-2024-3462: Authorization bypass in Ant Media Server

Vendor Ant Media
Product Ant Media Server Community Edition
Weakness CWE-302
Published May 13, 2024
Last update November 7, 2024

CVSS base score

What the vulnerability does

01Description

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users.  All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch.

Key dates

02Disclosure timeline

May 13, 2024 CVE published
November 7, 2024 Record updated