CVE-2018-4058
CVE-2018-4058
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.7EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
21 mar 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Productos afectados
Talos · coTURN¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →