CVE-2018-4059

CRITICAL

coturn < 4.5.0.9 - Unauthenticated Administrator Access via TELNET Admin Portal

Title source: llm
STIX 2.1

Description

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.

References (1)

Core 1
Core References
Mitigation, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0733

Scores

CVSS v3 9.8
EPSS 0.0190
EPSS Percentile 77.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
coturn_project/coturn < 4.5.0.9
Published Mar 21, 2019
Tracked Since Feb 18, 2026