CVE-2020-12695
Description
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H
EPSS Score
Exploitation Probability
3.029
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| minidlna security update(DSA-4806-1) minidlna_1.2.1+dfsg-2+deb10u1_i386.deb | Linux |
| minidlna security update(DSA-4806-1) minidlna_1.2.1+dfsg-2+deb10u1_amd64.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-4722-1) minidlna_1.1.5+dfsg-2ubuntu0.1_i386.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-4722-1) minidlna_1.1.5+dfsg-2ubuntu0.1_amd64.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-4722-1) minidlna_1.2.1+dfsg-2ubuntu0.1_amd64.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-4722-1) minidlna_1.2.1+dfsg-1ubuntu0.18.04.1_i386.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-4722-1) minidlna_1.2.1+dfsg-1ubuntu0.18.04.1_amd64.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-4722-1) minidlna_1.2.1+dfsg-1ubuntu0.20.04.1_amd64.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) hostapd_2.4-0ubuntu6.7_i386.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) hostapd_2.4-0ubuntu6.7_amd64.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) hostapd_2.9-1ubuntu4.2_amd64.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) hostapd_2.9-1ubuntu8.1_amd64.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) hostapd_2.6-15ubuntu2.7_i386.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) hostapd_2.6-15ubuntu2.7_amd64.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) wpasupplicant_2.4-0ubuntu6.7_i386.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) wpasupplicant_2.4-0ubuntu6.7_amd64.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) wpasupplicant_2.9-1ubuntu4.2_amd64.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) wpasupplicant_2.9-1ubuntu8.1_amd64.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) wpasupplicant_2.6-15ubuntu2.7_i386.deb | Linux |
| client support for WPA and WPA2 (USN-4734-1) wpasupplicant_2.6-15ubuntu2.7_amd64.deb | Linux |
| (RHSA-2021:1789) gssdp and gupnp security update gssdp-1.0.5-1.el8.i686.rpm | Linux |
| (RHSA-2021:1789) gssdp and gupnp security update gssdp-1.0.5-1.el8.x86_64.rpm | Linux |
| (RHSA-2021:1789) gssdp and gupnp security update gssdp-debugsource-1.0.5-1.el8.i686.rpm | Linux |
| (RHSA-2021:1789) gssdp and gupnp security update gssdp-debugsource-1.0.5-1.el8.x86_64.rpm | Linux |
| (RHSA-2021:1789) gssdp and gupnp security update gupnp-1.0.6-1.el8.i686.rpm | Linux |
| (RHSA-2021:1789) gssdp and gupnp security update gupnp-1.0.6-1.el8.x86_64.rpm | Linux |
| (RHSA-2021:1789) gssdp and gupnp security update gupnp-debugsource-1.0.6-1.el8.i686.rpm | Linux |
| (RHSA-2021:1789) gssdp and gupnp security update gupnp-debugsource-1.0.6-1.el8.x86_64.rpm | Linux |
| (RHSA-2021:1789) Moderate: gssdp and gupnp security update gssdp-debuginfo-1.0.5-1.el8.i686.rpm | Linux |
| (RHSA-2021:1789) Moderate: gssdp and gupnp security update gssdp-debuginfo-1.0.5-1.el8.x86_64.rpm | Linux |
| (RHSA-2021:1789) Moderate: gssdp and gupnp security update gssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm | Linux |
| (RHSA-2021:1789) Moderate: gssdp and gupnp security update gssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm | Linux |
| (RHSA-2021:1789) Moderate: gssdp and gupnp security update gupnp-debuginfo-1.0.6-1.el8.i686.rpm | Linux |
| (RHSA-2021:1789) Moderate: gssdp and gupnp security update gupnp-debuginfo-1.0.6-1.el8.x86_64.rpm | Linux |
| framework for creating UPnP devices and control points (USN-4494-1) libgupnp-1.2-0_1.2.3-0ubuntu0.20.04.1_i386.deb | Linux |
| framework for creating UPnP devices and control points (USN-4494-1) libgupnp-1.2-0_1.2.3-0ubuntu0.20.04.1_amd64.deb | Linux |
| gssdp and gupnp security update (RLSA-2021:1789) gssdp-1.0.5-1.el8.i686.rpm | Linux |
| gssdp and gupnp security update (RLSA-2021:1789) gssdp-1.0.5-1.el8.x86_64.rpm | Linux |
| Gssdp update (ELSA-2021-1789) gssdp-1.0.5-1.el8.i686.rpm | Linux |
| Gssdp update (ELSA-2021-1789) gssdp-1.0.5-1.el8.x86_64.rpm | Linux |
| Gupnp update (ELSA-2021-1789) gupnp-1.0.6-1.el8.i686.rpm | Linux |
| Gupnp update (ELSA-2021-1789) gupnp-1.0.6-1.el8.x86_64.rpm | Linux |
| Moderate: gssdp and gupnp security update gssdp-1.0.5-1.el8.i686.rpm | Linux |
| Moderate: gssdp and gupnp security update gssdp-1.0.5-1.el8.x86_64.rpm | Linux |
| Incorrect Default Permissions Vulnerability (CVE-2020-12695) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234