vulnerability

Debian: CVE-2018-4059: coturn -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Jan 28, 2019	Jan 29, 2019	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Jan 28, 2019

Added

Jan 29, 2019

Modified

Mar 30, 2026

Description

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.

Solution

debian-upgrade-coturn

References

CVE-2018-4059
https://attackerkb.com/topics/CVE-2018-4059
CWE-862
DEBIAN-DSA-4373
EUVD-EUVD-2018-15845
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-15845

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report