CVE-2023-45312
In short
MTProto proxy for Erlang, in versions up to and including 0.7.2, allows remote attackers to execute commands on the server without logging in. The cause is an improperly secured default installation, which puts any exposed server at immediate risk.
Technical detail
The MTProto proxy component fails to enforce authentication controls on default installations, allowing a remote, low-privileged attacker to gain unauthorized access and execute arbitrary commands. The vulnerability affects versions through 0.7.2 and requires no authentication, making it easily exploitable against exposed instances.
Summary generated and translated by AI from the official description.
In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a