Vulnerability Description
MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mgt-Commerce | Cloudpanel | < 2.2.1 |
Related Weaknesses (CWE)
References
- https://www.bleepingcomputer.com/news/security/cloudpanel-installations-use-the-ExploitPress/Media CoverageThird Party Advisory
- https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpaneExploitThird Party Advisory
- https://www.bleepingcomputer.com/news/security/cloudpanel-installations-use-the-ExploitPress/Media CoverageThird Party Advisory
- https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpaneExploitThird Party Advisory
FAQ
What is CVE-2023-0391?
CVE-2023-0391 is a vulnerability with a CVSS score of 8.1 (HIGH). MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in ver...
How severe is CVE-2023-0391?
CVE-2023-0391 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0391?
Check the references section above for vendor advisories and patch information. Affected products include: Mgt-Commerce Cloudpanel.