CVE-2023-32348

Description

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN.

References

Link	Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08	government resource third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2023-32348?: CVE-2023-32348 has been scored as a medium severity vulnerability.
How to fix CVE-2023-32348?: To fix CVE-2023-32348, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-32348 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-32348 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-32348?: CVE-2023-32348 affects Teltonika Remote Management System.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-918 – Server-Side Request Forgery (SSRF)

References

Frequently Asked Questions