• UPnP vulnerability lets attackers steal data

    A vulnerability (CVE-2020-12695) in Universal Plug and Play (UPnP), which is implemented in billions of networked and IoT devices – personal computers, printers, mobile devices, routers, gaming consoles, Wi-Fi access points, and so on – may allow unauthenticated, remote attackers to exfiltrate data, scan internal networks or make the devices participate in DDoS attacks.

     

    CVE-2020-12695

     

    About UPnP

    UPnP is a set of networking protocols that allows networked devices to automatically discover and interact with each other when on the same network.

     

    UPnP is intended primarily for residential and SOHO wireless networks. It is designed to be used in a trusted local area network (LAN) and so the protocol does not implement any form of authentication or verification. That’s one of the reasons why some UPnP devices are shipped with the protocol turned off by default and it’s on administrators to enable it, if needed.

     

    The development of the UPnP protocol is managed by the Open Connectivity Foundation (OCF), a standards organization whose goal is to promote the interoperability of connected devices.

     

    About the vulnerability (CVE-2020-12695)

    CVE-2020-12695 (aka “CallStranger”) was discovered by security researcher Yunus Çadırcı and privately reported to the OFC in late 2019.

     

    “The vulnerability (…) is caused by Callback header value in UPnP SUBSCRIBE function can be controlled by an attacker and enables an SSRF-like vulnerability which affects millions of Internet facing and billions of LAN devices,” Çadırcı explained.

    Know more about the remote freelance jobs.

    More technical details are available here but, in short, the vulnerability can be used to bypass DLP and network security devices to exfiltrate data, scan internal ports, and force millions of Internet-facing UPnP devices to become a source of amplified reflected TCP DDoS.


  • Commentaires

    Aucun commentaire pour le moment

    Suivre le flux RSS des commentaires


    Ajouter un commentaire

    Nom / Pseudo :

    E-mail (facultatif) :

    Site Web (facultatif) :

    Commentaire :