ALT-PU-2014-1157-1
Closed vulnerabilities
Published: 2020-11-29
BDU:2021-01329
Уязвимость спецификации Open Connectivity Foundation UPnP, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Severity: HIGH (7.8)
References:
Published: 2020-06-08
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H
References:
- http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html
- [oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP
- https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/
- https://github.com/corelight/callstranger-detector
- https://github.com/yunuscadirci/CallStranger
- [debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update
- [debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update
- FEDORA-2020-e538e3e526
- FEDORA-2020-df3e1cfde9
- FEDORA-2020-1f7fc0d0c9
- USN-4494-1
- https://www.callstranger.com
- DSA-4806
- DSA-4898
- https://www.kb.cert.org/vuls/id/339275
- https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
- http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html
- https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
- https://www.kb.cert.org/vuls/id/339275
- DSA-4898
- DSA-4806
- https://www.callstranger.com
- USN-4494-1
- FEDORA-2020-1f7fc0d0c9
- FEDORA-2020-df3e1cfde9
- FEDORA-2020-e538e3e526
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update
- [debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update
- [debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update
- https://github.com/yunuscadirci/CallStranger
- https://github.com/corelight/callstranger-detector
- https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/
- [oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP