103 matches found
CVE-2021-21382 Unsafe loopback forwarding interface in Restund
Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship...
Restund 安全漏洞
Restund is an open source network traversal server. A security vulnerability exists in Restund that stems from Restund is an open source NAT traversal server that can be instructed to return a TURN server to open a relay to a range of loopback addresses, which allows you to access any other servi...
PT-2021-4479 · Restund · Restund
Name of the Vulnerable Software and Affected Versions: Restund affected versions not specified Description: The issue is related to the Restund TURN server, which can be instructed to open a relay to the loopback address range, potentially exposing private services running on localhost. An attack...
Nextcloud: Talk discloses turn server to anybody
The attack is straight forward. 1. send a request to bash curl -H 'OCS-APIREQUEST: true' https://server/ocs/v2.php/apps/spreed/api/v2/signaling/settings And you get back a lot of information. signaling server stun server turn server inc credentials The stun server is harmless enough. I did not lo...
[SECURITY] Fedora 33 Update: coturn-4.5.2-1.fc33
The Coturn TURN Server is a VoIP media traffic NAT traversal server and gat eway. It can be used as a general-purpose network traffic TURN server/gateway, to o. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relayin...
Fedora 32 : coturn (2021-32d0068851)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-32d0068851 advisory. - Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and rela...
CVE-2020-26262 Loopback bypass in Coturn
Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...
CoTURN Authorization Issues Vulnerability
CoTURN is an open source implementation of TURN VoIP Media Services NAT Traversal Server and Gateway and STUN Simple Traversal of Network Address Translator for User Datagram Protocol Server. Coturn suffers from an Authorization Problem vulnerability that can be exploited by an attacker to bypass...
Cisco Expressway Software Information Disclosure Vulnerability
Cisco Expressway is a powerful gateway solution that gives users outside your firewall simple, highly secure access to all collaborative work. An information disclosure vulnerability exists in the TURN server component in Cisco Expressway Software versions prior to X12.6.3. The vulnerability stem...
CVE-2020-3482
A vulnerability in the Traversal Using Relays around NAT TURN server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific...
CVE-2020-3482
A vulnerability in the Traversal Using Relays around NAT TURN server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific...
Design/Logic Flaw
A vulnerability in the Traversal Using Relays around NAT TURN server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific...
CVE-2020-3482 Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability
A vulnerability in the Traversal Using Relays around NAT TURN server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific...
CVE-2020-3482
CVE-2020-3482 affects Cisco Expressway’s TURN server component. The issue arises from improper validation of specific connection information, allowing an unauthenticated, remote attacker to bypass security controls and send traffic to destinations beyond the application. Impact could be unauthori...
Cisco Expressway Series 访问控制错误漏洞
Cisco Expressway is a powerful gateway solution that gives users outside your firewall simple, highly secure access to all collaborative work. An information disclosure vulnerability exists in the TURN server component in Cisco Expressway Software versions prior to X12.6.3. The vulnerability stem...
CVE-2020-11805
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...
Design/Logic Flaw
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...
CVE-2020-11805
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...
CVE-2020-11805
Technical details of CVE-2020-11805 are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.
Cisco Meetings App Authorization Issues Vulnerability
Cisco Meetings App is a video conferencing application from Cisco USA. An authorization issue vulnerability exists in the API subsystem in Cisco Meetings App, which stems from a flaw in the protection mechanism for TURN server credentials. A remote attacker can exploit this vulnerability by...