Описание
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Отчет
This flaw does not affect the wpa_supplicant package as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8. wpa_supplicant's WiFi Protected Setup (WPS) External Registrar functionality, which uses UPnP to act as a registrar for a WiFi access point, and hostapd's WPS UPnP functionality, are disabled in the build configuration. Additionally, wpa_supplicant's P2P functionality does not support UPnP as shipped in Red Hat Enterprise Linux 5, 6, 7 and 8.
Меры по смягчению последствий
To mitigate this flaw, close off the UPnP UDP port (usually 1900) and UPnP service ports from the Internet using a firewall. It's important to note that UPnP service ports vary based on the device, so device documentation should be consulted. Do not expose UPnP servers to the Internet. Exploitation of this flaw relies on HTTP SUBSCRIBE and NOTIFY requests, which can be blocked using a network security appliance, as another mitigation option.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | wpa_supplicant | Out of support scope | ||
| Red Hat Enterprise Linux 6 | gssdp | Out of support scope | ||
| Red Hat Enterprise Linux 6 | gupnp | Out of support scope | ||
| Red Hat Enterprise Linux 6 | wpa_supplicant | Out of support scope | ||
| Red Hat Enterprise Linux 7 | gssdp | Will not fix | ||
| Red Hat Enterprise Linux 7 | gupnp | Will not fix | ||
| Red Hat Enterprise Linux 7 | wpa_supplicant | Not affected | ||
| Red Hat Enterprise Linux 8 | wpa_supplicant | Not affected | ||
| Red Hat Enterprise Linux 8 | gssdp | Fixed | RHSA-2021:1789 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | gupnp | Fixed | RHSA-2021:1789 | 18.05.2021 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
The Open Connectivity Foundation UPnP specification before 2020-04-17 ...
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5 High
CVSS3