CVE-2018-4058

EPSS 0.18%
Veröffentlicht 21.03.2019 16:00:54
Zuletzt bearbeitet 21.11.2024 04:06:39
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Coturn Project ≫ Coturn Version < 4.5.0.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.393

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N
talos-cna@cisco.com	7.7	3.1	4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732

Third Party Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-4058

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-4058

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-4058

EUVD