MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.
References
| Link | Resource |
|---|---|
| https://www.bleepingcomputer.com/news/security/cloudpanel-installations-use-the-same-ssl-certificate-private-key/ | Exploit Press/Media Coverage Third Party Advisory |
| https://www.bleepingcomputer.com/news/security/cloudpanel-installations-use-the-same-ssl-certificate-private-key/ | Exploit Press/Media Coverage Third Party Advisory |
| https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpanel-shared-certificate-vulnerability-and-weak-installation-procedures/ | Exploit Third Party Advisory |
| https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpanel-shared-certificate-vulnerability-and-weak-installation-procedures/ | Exploit Third Party Advisory |
Configurations
History
26 Feb 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.bleepingcomputer.com/news/security/cloudpanel-installations-use-the-same-ssl-certificate-private-key/ - Exploit, Press/Media Coverage, Third Party Advisory | |
| References | () https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpanel-shared-certificate-vulnerability-and-weak-installation-procedures/ - Exploit, Third Party Advisory |
Information
Published : 2023-03-21 20:15
Updated : 2025-02-26 17:15
NVD link : CVE-2023-0391
Mitre link : CVE-2023-0391
JSON object : View
Products Affected
mgt-commerce
- cloudpanel
CWE
CWE-798
Use of Hard-coded Credentials