PT-2019-1902 · Coturn · Coturn
Published 2019-01-28 · Updated 2022-06-07 · CVE-2018-4058
CVSS v3.1: 7.7 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
coTURN versions prior to 4.5.0.9
Description
The issue stems from an unsafe default configuration in the coTURN server, which allows external traffic to be relayed to the loopback interface of the server's own host. This exposes other private services bound to that host and can lead to further attacks. An attacker exploits this by setting up a relay on an affected TURN server with a loopback address as the peer.
Recommendations
For coTURN versions prior to 4.5.0.9, update to version 4.5.0.9 or later to resolve the issue. As a temporary workaround, restrict access to the TURN server's relay functionality to minimize the risk of exploitation.
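As an added example (not part of the advisory or of coturn's own code), the following implements the peer policy that the hardened default enforces, refusing loopback peers including IPv4-mapped IPv6 forms, and audits a turnserver.conf fragment for missing loopback denies. The `denied-peer-ip` key and its FIRST-LAST range syntax are coturn's; the config fragments and all function names are constructed for illustration.

```python
import ipaddress

# Loopback ranges that a TURN relay should refuse as peer addresses.
LOOPBACK_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

def is_loopback_peer(addr: str) -> bool:
    """True if the peer address targets the relay host's loopback interface.
    IPv4-mapped IPv6 (::ffff:127.0.0.1) is unwrapped so it cannot bypass the check."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in LOOPBACK_NETS)

def peer_allowed(addr: str, denied_nets, allow_loopback: bool = False) -> bool:
    """Peer policy with the hardened default: loopback peers are refused unless
    explicitly allowed, and any configured denied range is refused as well."""
    if not allow_loopback and is_loopback_peer(addr):
        return False
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in denied_nets)

def parse_denied_peer_ips(conf_text: str):
    """Collect denied-peer-ip entries from turnserver.conf text. coturn writes
    them as a single address or as an inclusive range FIRST-LAST."""
    nets = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.startswith("denied-peer-ip="):
            continue
        value = line.split("=", 1)[1].strip()
        if "-" in value:
            first, last = (ipaddress.ip_address(p) for p in value.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:
            nets.append(ipaddress.ip_network(value))
    return nets

def audit_conf(conf_text: str):
    """Return the loopback ranges the config does NOT deny; an empty list means hardened."""
    denied = parse_denied_peer_ips(conf_text)
    return [str(lo) for lo in LOOPBACK_NETS
            if not any(lo.subnet_of(d) for d in denied if d.version == lo.version)]

# Constructed config fragments (not from the advisory or the coturn project).
UNSAFE_CONF = """listening-port=3478
denied-peer-ip=10.0.0.0-10.255.255.255
"""
HARDENED_CONF = UNSAFE_CONF + """denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=::1
"""
```

Running `audit_conf(UNSAFE_CONF)` reports both loopback ranges as undenied, which is the exposure the advisory describes, while `audit_conf(HARDENED_CONF)` returns an empty list.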
Affected Products
Coturn