Teltonika Remote Management System OpenVPN Server Vulnerability

CVE-2023-32348 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN.
