cve/2024/CVE-2024-3462.md

### [CVE-2024-3462](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3462)
![](https://img.shields.io/static/v1?label=Product&message=Ant%20Media%20Server%20Community%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-302%20Authentication%20Bypass%20by%20Assumed-Immutable%20Data&color=brightgreen)

### Description

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds