Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-j75v-963h-65p5

Опубликовано: 13 мая 2022
Источник: github
Github: Не прошло ревью
CVSS3: 7.7

Описание

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.

Ссылки

EPSS

Процентиль: 42%
0.00204
Низкий

7.7 High

CVSS3

CVE ID

CVE-2018-4058

Связанные уязвимости

ubuntu логотип

CVE-2018-4058

CVSS3: 7.7
ubuntu
почти 7 лет назад

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.

nvd логотип

CVE-2018-4058

CVSS3: 7.7
nvd
почти 7 лет назад

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.

debian логотип

CVE-2018-4058

CVSS3: 7.7
debian
почти 7 лет назад

An exploitable unsafe default configuration vulnerability exists in th ...

fstec логотип

BDU:2019-01560

CVSS3: 7.7
fstec
около 7 лет назад

Уязвимость сервера coTURN, связанная с ошибкой конфигурации, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 42%
0.00204
Низкий

7.7 High

CVSS3

CVE ID

CVE-2018-4058