Executive Summary
Summary | |
---|---|
Title | UPnP enabled by default in multiple devices |
Informations | |||
---|---|---|---|
Name | VU#347812 | First vendor Publication | 2008-01-15 |
Vendor | VU-CERT | Last vendor Modification | 2008-01-31 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#347812UPnP enabled by default in multiple devicesOverviewMultiple vendors ship devices with UPnP enabled by default. By convincing a user to open a malicious URL, an attacker may be able to remotely control or configure UPnP enabled devices.I. DescriptionUniversal Plug and Play (UPnP) is a collection of protocols maintained and distributed by the UPnP Forum. UPnP is designed to allow network devices to easily connect to each other. UPnP enabled applications may be able to control other UPnP enabled devices such as firewalls or routers automatically and without authentication. Some applications may rely on UPnP to automatically open ports on routers or automatically set other parameters on compatible devices.Multiple vendors ship devices with UPnP enabled by default. These devices may be configured to only listen for UPnP requests on local networks or wireless interfaces. By using browser plugins that execute in the context of the local system, an attacker may be able to send UPnP messages to local devices without authentication. One researcher has demonstrated an attack vector that uses the Adobe Flash plugin. Workarounds for administrators
Systems Affected
References
Information about this vulnerability was released by PDP on the GNUCITIZEN website. This document was written by Ryan Giobbi.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/347812 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11435 | |||
Oval ID: | oval:org.mitre.oval:def:11435 | ||
Title: | Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. | ||
Description: | Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1654 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 | Product(s): | Adobe Flash Player Adobe AIR |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003 File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-01-23 | Name : SuSE Update for flash-player SUSE-SA:2008:022 File : nvt/gb_suse_2008_022.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-21 (netscape-flash) File : nvt/glsa_200804_21.nasl |
2008-09-03 | Name : Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin) File : nvt/flash_player_CB-A08-0059.nasl |
2008-09-03 | Name : Adobe Flash Player 9.0.115.0 and earlier vulnerability (Win) File : nvt/smbcl_flash_player_CB-A08-0059.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44279 | Adobe Flash UPnP navigateToURL Function SOAP Message CSRF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-08-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0221.nasl - Type : ACT_GATHER_INFO |
2008-05-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_3.nasl - Type : ACT_GATHER_INFO |
2008-05-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-003.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-21.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-5159.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote openSUSE host is missing a security update. File : suse_flash-player-5161.nasl - Type : ACT_GATHER_INFO |
2008-04-10 | Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_apsb08-11.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 00:57:02 |
|