{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wire:restund:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D7F9B8F-81E2-4580-AED0-6F640F05CF2F", "versionEndExcluding": "0.4.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43) the `status` interface of restund is enabled and is listening on `127.0.0.1`. The `status` interface allows users to issue administrative commands to `restund` like listing open relays or draining connections. It would be possible for an attacker to contact the status interface and issue administrative commands by setting `XOR-PEER-ADDRESS` to `127.0.0.1:{{restund_udp_status_port}}` when opening a TURN channel. We now explicitly disallow relaying to loopback addresses, 'any' addresses, link local addresses, and the broadcast address. As a workaround disable the `status` module in your restund configuration. However there might still be other services running on `127.0.0.0/8` that you do not want to have exposed. The `turn` module can be disabled. Restund will still perform STUN and this might already be enough for initiating calls in your environments. TURN is only used as a last resort when other NAT traversal options do not work. One should also make sure that the TURN server is set up with firewall rules so that it cannot relay to other addresses that you don't want the TURN server to relay to. For example other services in the same VPC where the TURN server is running. 
Ideally TURN servers should be deployed in an isolated fashion where they can only reach what they need to reach to perform their task of assisting NAT-traversal."}, {"lang": "es", "value": "Restund es un servidor de salto NAT de c\u00f3digo abierto. El servidor TURN de Restund puede ser instruido para abrir un rel\u00e9 al rango de direcciones loopback. Esto le permite llegar a cualquier otro servicio que se ejecute en localhost y que pueda considerar privado. En la configuraci\u00f3n que enviamos (https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43) la interfaz \"status\" de restund est\u00e1 habilitada y est\u00e1 escuchando en \"127.0.0.1\". La interfaz \"status\" permite a los usuarios emitir comandos administrativos a \"restund\" como listar los rel\u00e9s abiertos o drenar las conexiones. Ser\u00eda posible para un atacante contactar con la interfaz de estado y emitir comandos administrativos estableciendo el par\u00e1metro \"XOR-PEER-ADDRESS\" en \"127.0.0.1:{{restund_udp_status_port}}\" al abrir un canal TURN. Ahora desestimamos expl\u00edcitamente la retransmisi\u00f3n a direcciones de bucle invertido, direcciones \"any\", direcciones locales de enlace y la direcci\u00f3n de difusi\u00f3n. Como soluci\u00f3n, desactive el m\u00f3dulo \"status\" en su configuraci\u00f3n de Restund. Sin embargo, es posible que haya otros servicios que se ejecuten en \"127.0.0.0/8\" que no quieras que est\u00e9n expuestos. El m\u00f3dulo \"turn\" puede ser deshabilitado. Restund seguir\u00e1 llevando a cabo STUN y esto podr\u00eda ser suficiente para iniciar llamadas en sus entornos. TURN es s\u00f3lo usado como \u00faltimo recurso cuando otras opciones de salto de NAT no funcionan. Tambi\u00e9n hay que asegurarse de que el servidor TURN est\u00e1 configurado con reglas de firewall para que no pueda retransmitir a otras direcciones a las que no quieres que el servidor TURN retransmita. 
Por ejemplo, otros servicios en la misma VPC donde se ejecuta el servidor TURN. Lo ideal es que los servidores TURN se desplieguen de forma aislada donde s\u00f3lo puedan alcanzar lo que necesitan para llevar a cabo su tarea de asistir al salto del NAT."}], "id": "CVE-2021-21382", "lastModified": "2024-11-21T05:48:14.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-11T21:15:09.637", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": 
"https://docs.wire.com/understand/restund.html"}, {"source": "security-advisories@github.com", "tags": ["Not Applicable"], "url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/wireapp/restund/pull/7"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/wireapp/restund/security/advisories/GHSA-96j5-w9jq-pv2x"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732"}, {"source": "security-advisories@github.com", "tags": ["Not Applicable"], "url": "https://www.rtcsec.com/post/2021/01/details-about-cve-2020-26262-bypass-of-coturns-default-access-control-protection/#further-concerns-what-else"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.wire.com/understand/restund.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/wireapp/restund/pull/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/wireapp/restund/security/advisories/GHSA-96j5-w9jq-pv2x"}, {"source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://www.rtcsec.com/post/2021/01/details-about-cve-2020-26262-bypass-of-coturns-default-access-control-protection/#further-concerns-what-else"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}