QwikSec

Security Database

CVE

CWE

Training

CVE-2023-0391

Published: Mar 21, 2023

Modified: Feb 26, 2025

PUBLISHED

Description

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.

Vendor	Product	Versions
MGT-COMMERCE	CloudPanel	affected `0 - <= 2.2.0`

Weaknesses (CWE)

References

https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpanel-shared-certificate-vulnerability-and-weak-installation-procedures/

third-party-advisory

https://www.bleepingcomputer.com/news/security/cloudpanel-installations-use-the-same-ssl-certificate-private-key/

media-coverage

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.