CVE-2023-0391

Published Mar 21, 2023

Last updated 2 years ago

Overview

Description: MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.
Source: cve@rapid7.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-798
cve@rapid7.com: CWE-321

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mgt-commerce:cloudpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CDC9617-57AC-4528-9088-57B84A999366",
            "versionEndExcluding": "2.2.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References