{"uuid": "5237a282-99c0-4a8e-8987-c041d5880d3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2588", "type": "seen", "source": "https://t.me/cibsecurity/64553", "content": "\u203c CVE-2023-2588 \u203c\n\nTeltonika\u00e2\u20ac\u2122s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices\u00e2\u20ac\u2122 local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System cloud subdomain. This URL could be shared with others without Remote Management System authentication . An attacker could exploit this vulnerability to create a malicious webpage that uses a trusted and certified domain. An attacker could initiate a reverse shell when a victim connects to the malicious webpage, achieving remote code execution on the victim device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T20:25:48.000000Z"}