cisco-sa-Expressway-8J3yZ7hV: Cisco Expressway Software TURN Server Configuration Issue

First published: Wed Nov 18 2020(Updated: )

The Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software supports the relay of media connections through a firewall using proxy services. As a result of this feature, interfaces such as the Cisco Expressway web administrative interface may become accessible from external networks. At the time of publication, documentation of the feature did not properly explain that users are able to bypass firewall protections that are designed to restrict access to the Cisco Expressway web administrative interface. However, an attacker must have credentials sufficient to use TURN services to be able to send network requests to the web administrative interface. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-Expressway-8J3yZ7hV

Credit: Christian Mehlmauer WienCERT

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/event
• agent/last-modified-date
• agent/first-publish-date
• collector/cisco-advisory
• source/Cisco
• agent/severity
• agent/author
• agent/references
• agent/weakness
• agent/title
• agent/description
• agent/source
• agent/tags
• agent/softwarecombine
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/cisco
• canonical/cisco telepresence vcs and expressway major