CVE-2023-0391 Vulnerability Details

  /     /     /  

CVE-2023-0391 Metadata Quick Info

CVE Published: 21/03/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: rapid7 | Vendor: MGT-COMMERCE | Product: CloudPanel
Status : PUBLISHED

---

CVE-2023-0391 Description

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-321
CWE Name: CWE-321 Use of Hard-coded Cryptographic Key
Source: MGT-COMMERCE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).