CVE-2018-4058 — Project Coturn vulnerability
7 documents, 6 sources
Severity
7.7 HIGH (NVD)
EPSS
0.2%
top 60.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 21
Latest update: May 13
Description
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Exploitability: 3.1 | Impact: 4.0
Affected Packages: 3 packages
Vulnerability Details (3)
GHSA
GHSA-j75v-963h-65p5: An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4 (2022-05-13)
OSV
CVE-2018-4058: An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4 (2019-03-21)
CVEList
CVE-2018-4058: An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4 (2019-03-21)
Vendor Advisories (1)
Debian
CVE-2018-4058: coturn - An exploitable unsafe default configuration vulnerability exists in the TURN ser... (2018)