CVE-2018-4059
CRITICALcoturn < 4.5.0.9 - Unauthenticated Administrator Access via TELNET Admin Portal
Title source: llmDescription
An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.
References (1)
Core 1
Core References
Mitigation, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0733
Scores
CVSS v3
9.8
EPSS
0.0190
EPSS Percentile
77.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
coturn_project/coturn
< 4.5.0.9
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026