Vulnerability — CVE-2023-0391

CVE-2023-0391

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-0391
Description:: MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.
Last updated date:: 03/27/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/27/2023
Reference url to background: https://www.bleepingcomputer.com/news/security/cloudpanel-installations-use-the-same-ssl-certificate-private-key/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/27/2023
Reference url to background: https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpanel-shared-certificate-vulnerability-and-weak-installation-procedures/