In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.
References
Configurations
History
07 Nov 2023, 04:21
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
18 Oct 2023, 14:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mtproto:mt_proto_proxy:*:*:*:*:*:erlang:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-1188 | |
References | (MISC) https://medium.com/@_sadshade/almost-2000-telegram-proxy-servers-are-potentially-vulnerable-to-rce-since-2018-742a455be16b - Exploit, Technical Description, Third Party Advisory | |
First Time |
Mtproto mt Proto Proxy
Mtproto |
10 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-10 21:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-45312
Mitre link : CVE-2023-45312
CVE.ORG link : CVE-2023-45312
JSON object : View
Products Affected
mtproto
- mt_proto_proxy
CWE
CWE-1188
Insecure Default Initialization of Resource