An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published: 2019-03-21T14:30:59

Updated: 2024-08-05T05:04:29.198Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-4059

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-21T16:00:54.140

Modified: 2024-11-21T04:06:39.870

Link: CVE-2018-4059

cve-icon Redhat

No data.