CVE-2018-4059
First published: Thu Mar 21 2019(Updated: )
An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/coturn | 4.5.1.1-1.1+deb10u2 4.5.2-3 4.6.1-1 | |
| coturn | <4.5.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-4059?
CVE-2018-4059 is an exploitable unsafe default configuration vulnerability in the TURN server function of coTURN prior to version 4.5.0.9.
How severe is CVE-2018-4059?
CVE-2018-4059 has a severity rating of 9.8 (Critical).
What software is affected by CVE-2018-4059?
The coturn package on Debian versions up to 4.5.0.9 is affected by CVE-2018-4059.
How can I remediate CVE-2018-4059?
To remediate CVE-2018-4059, update the coturn package to version 4.5.0.9 or higher.
- collector/security-tracker-debian
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/coturn project
- canonical/coturn