MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.
References
Link | Resource |
---|---|
https://www.bleepingcomputer.com/news/security/cloudpanel-installations-use-the-same-ssl-certificate-private-key/ | Exploit Press/Media Coverage Third Party Advisory |
https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpanel-shared-certificate-vulnerability-and-weak-installation-procedures/ | Exploit Third Party Advisory |
Configurations
History
27 Mar 2023, 22:21
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CWE | CWE-798 | |
References |
|
|
References | (MISC) https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpanel-shared-certificate-vulnerability-and-weak-installation-procedures/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:mgt-commerce:cloudpanel:*:*:*:*:*:*:*:* |
21 Mar 2023, 22:40
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-21 20:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-0391
Mitre link : CVE-2023-0391
CVE.ORG link : CVE-2023-0391
JSON object : View
Products Affected
mgt-commerce
- cloudpanel