CVE-2020-12695

high

Description

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

From the Tenable Blog

CVE-2020-12695: CallStranger Vulnerability in Universal Plug and Play (UPnP) Puts Billions of Devices At Risk
CVE-2020-12695: CallStranger Vulnerability in Universal Plug and Play (UPnP) Puts Billions of Devices At Risk

Published: 2020-06-08

Universal Plug and Play (UPnP), a ubiquitous protocol used by “billions of devices,” may be vulnerable to data exfiltration and reflected amplified TCP distributed denial of service (DDoS) attacks.

References

https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective

https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of

https://www.kb.cert.org/vuls/id/339275

https://www.debian.org/security/2021/dsa-4898

https://www.debian.org/security/2020/dsa-4806

https://www.callstranger.com

https://usn.ubuntu.com/4494-1/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/

https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html

https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html

https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html

https://github.com/yunuscadirci/CallStranger

https://github.com/corelight/callstranger-detector

https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/

http://www.openwall.com/lists/oss-security/2020/06/08/2

http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html

Details

Source: Mitre, NVD

Published: 2020-06-08

Updated: 2024-04-08

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H

Severity: High