PT-2022-6464 · Mgt Commerce · Mgt-Commerce Cloudpanel
Tod Beardsley · Published 2022-12-12 · Updated 2023-03-27 · CVE-2023-0391
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MGT-COMMERCE CloudPanel version 2.2.0
Description
MGT-COMMERCE CloudPanel uses a static SSL certificate with a hardcoded cryptographic key, and that certificate is shared across every installation. This could allow a remote attacker to gain unauthorized access to protected information. The behavior was observed in version 2.2.0, and there is no indication that it has been addressed in version 2.2.1.
Recommendations
For version 2.2.0, consider disabling the use of the static SSL certificate until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Using Hardcoded Credentials
Related Identifiers
Affected Products
Mgt-Commerce Cloudpanel