CVE-2020-6062

high-risk

Published 2020-02-19

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.

Do I need to act?

~

8.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (10)

Coturn

Debian Linux

Debian Linux

Fedora

Fedora

Fedora

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Affected Vendors

Debian Canonical Fedoraproject Coturn Project

References (12)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Exploit https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985

Third Party Advisory https://usn.ubuntu.com/4415-1/

Third Party Advisory https://www.debian.org/security/2020/dsa-4711

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Exploit https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985

Third Party Advisory https://usn.ubuntu.com/4415-1/

Third Party Advisory https://www.debian.org/security/2020/dsa-4711

52

/ 100

high-risk

Severity 26/34 · High

Exploitability 10/34 · Low

Exposure 16/34 · Moderate