Vulnerabilities > CVE-2023-32348 - Server-Side Request Forgery (SSRF) vulnerability in Teltonika Remote Management System

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

teltonika

CWE-918

NVD

Published: 2023-05-22

Updated: 2023-06-01

Summary

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN.

Vulnerable Configurations

Part	Description	Count
Application	Teltonika Teltonika Remote Management System *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08