Cisco Security Advisory - Cisco Expressway Software TURN Server Configuration Issue

[Netwörkheäd]

Cisco Expressway Software TURN Server Configuration Issue

The Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software supports the relay of media connections through a firewall using proxy services. As a result of this feature, interfaces such as the Cisco Expressway web administrative interface may become accessible from external networks.

At the time of publication, documentation of the feature did not properly explain that users are able to bypass firewall protections that are designed to restrict access to the Cisco Expressway web administrative interface. However, an attacker must have credentials sufficient to use TURN services to be able to send network requests to the web administrative interface.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-Expressway-8J3yZ7hV

     
         
Security Impact Rating:  Informational
   
   
       
CVE: CVE-2020-3482
Source: Cisco Expressway Software TURN Server Configuration Issue