UPnP信息泄漏漏洞

admin

0
文章

0
评论

2023-12-01 21:23:17 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 UPnP信息泄漏漏洞

CVE编号

CVE-2020-12695

利用情况

POC 已公开

补丁情况

官方补丁

披露时间

2020-06-09

漏洞描述

UPnP是Open Connectivity Foundation基金会的一款通用即插即用协议。 UPnP 2020-04-17之前版本中存在安全漏洞。攻击者可借助SUBSCRIBE功能利用该漏洞将流量发送到任意位置，导致拒绝服务或数据泄露。

解决建议

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：https://openconnectivity.org/

参考链接
http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-C...
http://www.openwall.com/lists/oss-security/2020/06/08/2
https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnera...
https://github.com/corelight/callstranger-detector
https://github.com/yunuscadirci/CallStranger
https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://usn.ubuntu.com/4494-1/
https://www.callstranger.com
https://www.debian.org/security/2020/dsa-4806
https://www.debian.org/security/2021/dsa-4898
https://www.kb.cert.org/vuls/id/339275
https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-uni...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	ui	unifi_controller	-	-
	运行在以下环境
	应用	w1.fi	hostapd	*		Up to (excluding) 2.0.0
	运行在以下环境
	系统	alpine_3.10	hostapd	*		Up to (excluding) 2.8-r3
	运行在以下环境
	系统	alpine_3.11	hostapd	*		Up to (excluding) 2.9-r2
	运行在以下环境
	系统	alpine_3.12	hostapd	*		Up to (excluding) 2.9-r2
	运行在以下环境
	系统	alpine_3.13	hostapd	*		Up to (excluding) 2.9-r2
	运行在以下环境
	系统	alpine_3.14	hostapd	*		Up to (excluding) 2.9-r2
	运行在以下环境
	系统	alpine_3.15	hostapd	*		Up to (excluding) 2.9-r2
	运行在以下环境
	系统	alpine_3.16	hostapd	*		Up to (excluding) 2.9-r2
	运行在以下环境
	系统	alpine_3.17	hostapd	*		Up to (excluding) 2.9-r2
	运行在以下环境
	系统	alpine_3.18	hostapd	*		Up to (excluding) 2.9-r2
	运行在以下环境
	系统	alpine_3.9	hostapd	*		Up to (excluding) 2.7-r6
	运行在以下环境
	系统	alpine_edge	hostapd	*		Up to (excluding) 2.9-r2
	运行在以下环境
	系统	centos_8	gssdp	*		Up to (excluding) 1.0.5-1.el8
	运行在以下环境
	系统	debian_10	gupnp	*		Up to (excluding) 1.0.5-0+deb10u1
	运行在以下环境
	系统	debian_11	gupnp	*		Up to (excluding) 2:2.9.0-16
	运行在以下环境
	系统	debian_12	gupnp	*		Up to (excluding) 2:2.9.0-16
	运行在以下环境
	系统	debian_9	gupnp	*		Up to (excluding) 1.0.1-1+deb9u1
	运行在以下环境
	系统	debian_sid	gupnp	*		Up to (excluding) 2:2.9.0-16
	运行在以下环境
	系统	fedora_31	gssdp-docs	*		Up to (excluding) 1.0.4-1.fc31
	运行在以下环境
	系统	fedora_32	hostapd-logwatch	*		Up to (excluding) 1.0.4-1.fc32
	运行在以下环境
	系统	fedora_EPEL_7	hostapd-logwatch	*		Up to (excluding) 2.9-3.el7
	运行在以下环境
	系统	fedora_EPEL_8	hostapd-logwatch	*		Up to (excluding) 2.9-4.el8
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	gupnp	*		Up to (excluding) 1.2.4-1.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	gupnp	*		Up to (excluding) 1.2.4-1.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP1	gupnp	*		Up to (excluding) 1.2.4-1.a.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	gupnp	*		Up to (excluding) 1.2.4-1.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	gupnp	*		Up to (excluding) 1.2.4-1.ky10
	运行在以下环境
	系统	opensuse_Leap_15.1	minidlna	*		Up to (excluding) 1.3.0-lp151.3.3.1
	运行在以下环境
	系统	opensuse_Leap_15.2	hostapd	*		Up to (excluding) 1.3.0-lp152.4.3.1
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 1.0.5-1.el8
	运行在以下环境
系统	redhat_8	gssdp	*		Up to (excluding) 1.0.5-1.el8
运行在以下环境
系统	ubuntu_16.04	gupnp	*		Up to (excluding) 2.4-0ubuntu6.7
运行在以下环境
系统	ubuntu_16.04.7_lts	minidlna	*		Up to (excluding) 1.1.5+dfsg-2ubuntu0.1
运行在以下环境
系统	ubuntu_18.04	gupnp	*		Up to (excluding) 1.2.1+dfsg-1ubuntu0.18.04.1
运行在以下环境
系统	ubuntu_18.04.5_lts	minidlna	*		Up to (excluding) 1.2.1+dfsg-1ubuntu0.18.04.1
运行在以下环境
系统	ubuntu_20.04	gupnp	*		Up to (excluding) 1.2.1+dfsg-1ubuntu0.20.04.1
运行在以下环境
系统	ubuntu_21.04	wpa	*		Up to (excluding) 2:2.9-1ubuntu10
运行在以下环境
系统	ubuntu_21.10	wpa	*		Up to (excluding) 2:2.9-1ubuntu10
运行在以下环境
系统	ubuntu_22.04	pupnp-1.8	*		Up to (excluding) 2:2.9-1ubuntu10
运行在以下环境
系统	ubuntu_22.10	wpa	*		Up to (excluding) 2:2.9-1ubuntu10