CVE-2011-1165

critical

Description

Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.

References

https://bugzilla.redhat.com/show_bug.cgi?id=678846

https://bugzilla.gnome.org/show_bug.cgi?id=594521

http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40

http://rhn.redhat.com/errata/RHSA-2013-0169.html

Details

Source: Mitre, NVD

Published: 2013-03-12

Updated: 2013-03-19

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical